1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd November 18, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blocklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va devmatch_blacklist 265.Pq Vt str 266This variable is deprecated. 267Use 268.Va devmatch_blocklist 269instead. 270A whitespace-separated list of kernel modules to be ignored by 271.Xr devmatch 8 . 272.It Va kld_list 273.Pq Vt str 274A whitespace-separated list of kernel modules to load right after 275the local disks are mounted, without any 276.Pa .ko 277extension or path. 278Loading modules at this point in the boot process is 279much faster than doing it via 280.Pa /boot/loader.conf 281for those modules not necessary for mounting local disks. 282.It Va kldxref_enable 283.Pq Vt bool 284Set to 285.Dq Li NO 286by default. 287Set to 288.Dq Li YES 289to automatically rebuild 290.Pa linker.hints 291files with 292.Xr kldxref 8 293at boot time. 294.It Va kldxref_clobber 295.Pq Vt bool 296Set to 297.Dq Li NO 298by default. 299If 300.Va kldxref_enable 301is true, 302setting to 303.Dq Li YES 304will overwrite existing 305.Pa linker.hints 306files at boot time. 307Otherwise, 308only missing 309.Pa linker.hints 310files are generated. 311.It Va kldxref_module_path 312.Pq Vt str 313Empty by default. 314A semi-colon 315.Pq Ql \&; 316delimited list of paths containing 317.Xr kld 4 318modules. 319If empty, 320the contents of the 321.Va kern.module_path 322.Xr sysctl 8 323are used. 324.It Va powerd_enable 325.Pq Vt bool 326If set to 327.Dq Li YES , 328enable the system power control facility with the 329.Xr powerd 8 330daemon. 331.It Va powerd_flags 332.Pq Vt str 333If 334.Va powerd_enable 335is set to 336.Dq Li YES , 337these are the flags to pass to the 338.Xr powerd 8 339daemon. 340.It Va tmpmfs 341Controls the creation of a 342.Pa /tmp 343memory file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /tmp 350is not writable. 351.It Va tmpsize 352Controls the size of a created 353.Pa /tmp 354memory file system. 355.It Va tmpmfs_flags 356Extra options passed to the 357.Xr mdmfs 8 358utility when the memory file system for 359.Pa /tmp 360is created. 361The default is 362.Dq Li "-S" , 363which inhibits the use of softupdates on 364.Pa /tmp 365so that file system space is freed without delay 366after file truncation or deletion. 367See 368.Xr mdmfs 8 369for other options you can use in 370.Va tmpmfs_flags . 371.It Va varmfs 372Controls the creation of a 373.Pa /var 374memory file system. 375Always happens if set to 376.Dq Li YES 377and never happens if set to 378.Dq Li NO . 379If set to anything else, a memory file system is created if 380.Pa /var 381is not writable. 382.It Va varsize 383Controls the size of a created 384.Pa /var 385memory file system. 386.It Va varmfs_flags 387Extra options passed to the 388.Xr mdmfs 8 389utility when the memory file system for 390.Pa /var 391is created. 392The default is 393.Dq Li "-S" , 394which inhibits the use of softupdates on 395.Pa /var 396so that file system space is freed without delay 397after file truncation or deletion. 398See 399.Xr mdmfs 8 400for other options you can use in 401.Va varmfs_flags . 402.It Va populate_var 403Controls the automatic population of the 404.Pa /var 405file system. 406Always happens if set to 407.Dq Li YES 408and never happens if set to 409.Dq Li NO . 410If set to anything else, a memory file system is created if 411.Pa /var 412is not writable. 413Note that this process requires access to certain commands in 414.Pa /usr 415before 416.Pa /usr 417is mounted on normal systems. 418.It Va cleanvar_enable 419.Pq Vt bool 420Clean the 421.Pa /var 422directory. 423.It Va local_startup 424.Pq Vt str 425List of directories to search for startup script files. 426.It Va script_name_sep 427.Pq Vt str 428The field separator to use for breaking down the list of startup script files 429into individual filenames. 430The default is a space. 431It is not necessary to change this unless there are startup scripts with names 432containing spaces. 433.It Va hostapd_enable 434.Pq Vt bool 435Set to 436.Dq Li YES 437to start 438.Xr hostapd 8 439at system boot time. 440.It Va hostname 441.Pq Vt str 442The fully qualified domain name (FQDN) of this host on the network. 443This should almost certainly be set to something meaningful, even if 444there is no network connection. 445If 446.Xr dhclient 8 447is used to set the hostname via DHCP, 448this variable should be set to an empty string. 449Within a 450.Xr jail 8 451the hostname is generally already set and this variable may be absent. 452If this value remains unset when the system is done booting 453your console login will display the default hostname of 454.Dq Amnesiac . 455.It Va nisdomainname 456.Pq Vt str 457The NIS domain name of this host, or 458.Dq Li NO 459if NIS is not used. 460.It Va dhclient_program 461.Pq Vt str 462Path to the DHCP client program 463.Pa ( /sbin/dhclient , 464the 465.Ox 466DHCP client, 467is the default). 468.It Va dhclient_flags 469.Pq Vt str 470Additional flags to pass to the DHCP client program. 471For the 472.Ox 473DHCP client, see the 474.Xr dhclient 8 475manpage for a description of the command line options available. 476.It Va dhclient_flags_ Ns Aq Ar iface 477Additional flags to pass to the DHCP client program running on 478.Ar iface 479only. 480When specified, this variable overrides 481.Va dhclient_flags . 482.It Va background_dhclient 483.Pq Vt bool 484Set to 485.Dq Li YES 486to start the DHCP client in background. 487This can cause trouble with applications depending on 488a working network, but it will provide a faster startup 489in many cases. 490.It Va background_dhclient_ Ns Aq Ar iface 491When specified, this variable overrides the 492.Va background_dhclient 493variable for interface 494.Ar iface 495only. 496.It Va synchronous_dhclient 497.Pq Vt bool 498Set to 499.Dq Li YES 500to start 501.Xr dhclient 8 502synchronously at startup. 503This behavior can be overridden on a per-interface basis by replacing 504the 505.Dq Li DHCP 506keyword in the 507.Va ifconfig_ Ns Aq Ar interface 508variable with 509.Dq Li SYNCDHCP 510or 511.Dq Li NOSYNCDHCP . 512.It Va defaultroute_delay 513.Pq Vt int 514When set to a positive value, wait up to this long after configuring 515DHCP interfaces at startup to give the interfaces time to receive a lease. 516.It Va firewall_enable 517.Pq Vt bool 518Set to 519.Dq Li YES 520to load firewall rules at startup. 521If the kernel was not built with 522.Cd "options IPFIREWALL" , 523the 524.Pa ipfw.ko 525kernel module will be loaded. 526See also 527.Va ipfilter_enable . 528.It Va firewall_script 529.Pq Vt str 530This variable specifies the full path to the firewall script to run. 531The default is 532.Pa /etc/rc.firewall . 533.It Va firewall_type 534.Pq Vt str 535Names the firewall type from the selection in 536.Pa /etc/rc.firewall , 537or the file which contains the local firewall ruleset. 538Valid selections from 539.Pa /etc/rc.firewall 540are: 541.Pp 542.Bl -tag -width ".Li workstation" -compact 543.It Li open 544unrestricted IP access 545.It Li closed 546all IP services disabled, except via 547.Dq Li lo0 548.It Li client 549basic protection for a workstation 550.It Li workstation 551basic protection for a workstation using stateful firewalling 552.It Li simple 553basic protection for a LAN. 554.El 555.Pp 556If a filename is specified, the full path 557must be given. 558.Pp 559Most of the predefined rulesets define additional configuration variables. 560These are documented in 561.Pa /etc/rc.firewall . 562.It Va firewall_quiet 563.Pq Vt bool 564Set to 565.Dq Li YES 566to disable the display of firewall rules on the console during boot. 567.It Va firewall_logging 568.Pq Vt bool 569Set to 570.Dq Li YES 571to enable firewall event logging. 572This is equivalent to the 573.Dv IPFIREWALL_VERBOSE 574kernel option. 575.It Va firewall_logif 576.Pq Vt bool 577Set to 578.Dq Li YES 579to create pseudo interface 580.Li ipfw0 581for logging. 582For more details, see 583.Xr ipfw 8 584manual page. 585.It Va firewall_flags 586.Pq Vt str 587Flags passed to 588.Xr ipfw 8 589if 590.Va firewall_type 591specifies a filename. 592.It Va firewall_coscripts 593.Pq Vt str 594List of executables and/or rc scripts to run after firewall starts/stops. 595Default is empty. 596.\" ----- firewall_nat_enable setting -------------------------------- 597.It Va firewall_nat_enable 598.Pq Vt bool 599The 600.Xr ipfw 8 601equivalent of 602.Va natd_enable . 603Setting this to 604.Dq Li YES 605will automatically load the 606.Xr ipfw 8 607NAT kernel module if 608.Va firewall_enable 609is also set to 610.Dq Li YES . 611.It Va firewall_nat_interface 612.Pq Vt str 613The 614.Xr ipfw 8 615equivalent of 616.Va natd_interface . 617This is the name of the public interface or IP address on which 618kernel NAT should run. 619.It Va firewall_nat_flags 620.Pq Vt str 621Additional configuration parameters for kernel NAT should be placed here. 622.It Va firewall_nat64_enable 623.Pq Vt bool 624Setting this to 625.Dq Li YES 626will automatically load the 627.Xr ipfw 8 628NAT64 kernel module if 629.Va firewall_enable 630is also set to 631.Dq Li YES . 632.It Va firewall_nptv6_enable 633.Pq Vt bool 634Setting this to 635.Dq Li YES 636will automatically load the 637.Xr ipfw 8 638NPTv6 kernel module if 639.Va firewall_enable 640is also set to 641.Dq Li YES . 642.It Va firewall_pmod_enable 643.Pq Vt bool 644Setting this to 645.Dq Li YES 646will automatically load the 647.Xr ipfw 8 648pmod kernel module if 649.Va firewall_enable 650is also set to 651.Dq Li YES . 652.It Va dummynet_enable 653.Pq Vt bool 654Setting this to 655.Dq Li YES 656will automatically load the 657.Xr dummynet 4 658module if 659.Va firewall_enable 660is also set to 661.Dq Li YES . 662.\" ------------------------------------------------------------------- 663.It Va ipfw_netflow_enable 664.Pq Vt bool 665Setting this to 666.Dq Li YES 667will enable netflow logging via 668.Xr ng_netflow 4 669.Pp 670By default a ipfw rule is inserted and all packets are duplicated with 671the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 672port using protocol version 5. 673.It Va ipfw_netflow_hook 674.Pq Vt int 675netflow hook name, must be numerical 676(default 677.Pa 9995 ) . 678.It Va ipfw_netflow_rule 679.Pq Vt int 680ipfw rule number 681(default 682.Pa 1000 ) . 683.It Va ipfw_netflow_ip 684.Pq Vt str 685Destination server ip for receiving netflow data 686(default 687.Pa 127.0.0.1 ) . 688.It Va ipfw_netflow_port 689.Pq Vt int 690Destination server port for receiving netflow data 691(default 692.Pa 9995 ) . 693.It Va ipfw_netflow_version 694.Pq Vt int 695Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 696.It Va ipfw_netflow_fib 697.Pq Vt int 698Only match packet in FIB 699.Pa ipfw_netflow_fib 700(default is undefined meaning all FIBs). 701.It Va natd_program 702.Pq Vt str 703Path to 704.Xr natd 8 . 705.It Va natd_enable 706.Pq Vt bool 707Set to 708.Dq Li YES 709to enable 710.Xr natd 8 . 711.Va firewall_enable 712must also be set to 713.Dq Li YES , 714and 715.Xr divert 4 716sockets must be enabled in the kernel. 717If the kernel was not built with 718.Cd "options IPDIVERT" , 719the 720.Pa ipdivert.ko 721kernel module will be loaded. 722.It Va natd_interface 723.Pq Vt str 724This is the name of the public interface on which 725.Xr natd 8 726should run. 727The interface may be given as an interface name or as an IP address. 728.It Va natd_flags 729.Pq Vt str 730Additional 731.Xr natd 8 732flags should be placed here. 733The 734.Fl n 735or 736.Fl a 737flag is automatically added with the above 738.Va natd_interface 739as an argument. 740.\" ----- ipfilter_enable setting -------------------------------- 741.It Va ipfilter_enable 742.Pq Vt bool 743Set to 744.Dq Li NO 745by default. 746Setting this to 747.Dq Li YES 748enables 749.Xr ipf 8 750packet filtering. 751.Pp 752Typical usage will require putting 753.Bd -literal 754ipfilter_enable="YES" 755ipnat_enable="YES" 756ipmon_enable="YES" 757ipfs_enable="YES" 758.Ed 759.Pp 760into 761.Pa /etc/rc.conf 762and editing 763.Pa /etc/ipf.rules 764and 765.Pa /etc/ipnat.rules 766appropriately. 767.Pp 768Note that 769.Va ipfilter_enable 770and 771.Va ipnat_enable 772can be enabled independently. 773.Va ipmon_enable 774and 775.Va ipfs_enable 776both require at least one of 777.Va ipfilter_enable 778and 779.Va ipnat_enable 780to be enabled. 781.Pp 782Having 783.Bd -literal 784options IPFILTER 785options IPFILTER_LOG 786options IPFILTER_DEFAULT_BLOCK 787.Ed 788.Pp 789in the kernel configuration file is a good idea, too. 790.\" ----- ipfilter_program setting ------------------------------ 791.It Va ipfilter_program 792.Pq Vt str 793Path to 794.Xr ipf 8 795(default 796.Pa /sbin/ipf ) . 797.\" ----- ipfilter_rules setting -------------------------------- 798.It Va ipfilter_rules 799.Pq Vt str 800Set to 801.Pa /etc/ipf.rules 802by default. 803This variable contains the name of the filter rule definition file. 804The file is expected to be readable for the 805.Xr ipf 8 806command to execute. 807.\" ----- ipfilter_flags setting -------------------------------- 808.It Va ipfilter_flags 809.Pq Vt str 810Empty by default. 811This variable contains flags passed to the 812.Xr ipf 8 813program. 814.\" ----- ipnat_enable setting ---------------------------------- 815.It Va ipnat_enable 816.Pq Vt bool 817Set to 818.Dq Li NO 819by default. 820Set it to 821.Dq Li YES 822to enable 823.Xr ipnat 8 824network address translation. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828.\" ----- ipnat_program setting --------------------------------- 829.It Va ipnat_program 830.Pq Vt str 831Path to 832.Xr ipnat 8 833(default 834.Pa /sbin/ipnat ) . 835.\" ----- ipnat_rules setting ----------------------------------- 836.It Va ipnat_rules 837.Pq Vt str 838Set to 839.Pa /etc/ipnat.rules 840by default. 841This variable contains the name of the file 842holding the network address translation definition. 843This file is expected to be readable for the 844.Xr ipnat 8 845command to execute. 846.\" ----- ipnat_flags setting ----------------------------------- 847.It Va ipnat_flags 848.Pq Vt str 849Empty by default. 850This variable contains flags passed to the 851.Xr ipnat 8 852program. 853.\" ----- ipmon_enable setting ---------------------------------- 854.It Va ipmon_enable 855.Pq Vt bool 856Set to 857.Dq Li NO 858by default. 859Set it to 860.Dq Li YES 861to enable 862.Xr ipmon 8 863monitoring (logging 864.Xr ipf 8 865and 866.Xr ipnat 8 867events). 868Setting this variable needs setting 869.Va ipfilter_enable 870or 871.Va ipnat_enable 872too. 873See 874.Va ipfilter_enable 875for a detailed discussion. 876.\" ----- ipmon_program setting --------------------------------- 877.It Va ipmon_program 878.Pq Vt str 879Path to 880.Xr ipmon 8 881(default 882.Pa /sbin/ipmon ) . 883.\" ----- ipmon_flags setting ----------------------------------- 884.It Va ipmon_flags 885.Pq Vt str 886Set to 887.Dq Li -Ds 888by default. 889This variable contains flags passed to the 890.Xr ipmon 8 891program. 892Another typical example would be 893.Dq Fl D Pa /var/log/ipflog 894to have 895.Xr ipmon 8 896log directly to a file bypassing 897.Xr syslogd 8 . 898Make sure to adjust 899.Pa /etc/newsyslog.conf 900in such case like this: 901.Bd -literal 902/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 903.Ed 904.\" ----- ipfs_enable setting ----------------------------------- 905.It Va ipfs_enable 906.Pq Vt bool 907Set to 908.Dq Li NO 909by default. 910Set it to 911.Dq Li YES 912to enable 913.Xr ipfs 8 914saving the filter and NAT state tables during shutdown 915and reloading them during startup again. 916Setting this variable needs setting 917.Va ipfilter_enable 918or 919.Va ipnat_enable 920to 921.Dq Li YES 922too. 923See 924.Va ipfilter_enable 925for a detailed discussion. 926Note that if 927.Va kern_securelevel 928is set to 3, 929.Va ipfs_enable 930cannot be used 931because the raised securelevel will prevent 932.Xr ipfs 8 933from saving the state tables at shutdown time. 934.\" ----- ipfs_program setting ---------------------------------- 935.It Va ipfs_program 936.Pq Vt str 937Path to 938.Xr ipfs 8 939(default 940.Pa /sbin/ipfs ) . 941.\" ----- ipfs_flags setting ------------------------------------ 942.It Va ipfs_flags 943.Pq Vt str 944Empty by default. 945This variable contains flags passed to the 946.Xr ipfs 8 947program. 948.\" ----- end of added ipf hook --------------------------------- 949.It Va pf_enable 950.Pq Vt bool 951Set to 952.Dq Li NO 953by default. 954Setting this to 955.Dq Li YES 956enables 957.Xr pf 4 958packet filtering. 959.Pp 960Typical usage will require putting 961.Pp 962.Dl pf_enable="YES" 963.Pp 964into 965.Pa /etc/rc.conf 966and editing 967.Pa /etc/pf.conf 968appropriately. 969Adding 970.Pp 971.Dl "device pf" 972.Pp 973builds support for 974.Xr pf 4 975into the kernel, otherwise the 976kernel module will be loaded. 977.It Va pf_rules 978.Pq Vt str 979Path to 980.Xr pf 4 981ruleset configuration file 982(default 983.Pa /etc/pf.conf ) . 984.It Va pf_program 985.Pq Vt str 986Path to 987.Xr pfctl 8 988(default 989.Pa /sbin/pfctl ) . 990.It Va pf_flags 991.Pq Vt str 992If 993.Va pf_enable 994is set to 995.Dq Li YES , 996these flags are passed to the 997.Xr pfctl 8 998program when loading the ruleset. 999.It Va pf_fallback_rules_enable 1000.Pq Vt bool 1001Set to 1002.Dq Li NO 1003by default. 1004Setting this to 1005.Dq Li YES 1006enables loading 1007.Va pf_fallback_rules_file 1008or 1009.Va pf_fallback_rules 1010in case of a problem when loading the ruleset in 1011.Va pf_rules . 1012.It Va pf_fallback_rules_file 1013.Pq Vt str 1014Path to a pf ruleset to load in case of failure when loading the 1015ruleset in 1016.Va pf_rules 1017(default 1018.Pa /etc/pf-fallback.conf ) . 1019.It Va pf_fallback_rules 1020.Pq Vt str 1021A pf ruleset to load in case of failure when loading the ruleset in 1022.Va pf_rules 1023and 1024.Va pf_fallback_rules_file 1025is not found. 1026Multiple rules can be set as follows: 1027.Bd -literal 1028pf_fallback_rules="\\ 1029 block drop log all\\ 1030 pass in quick on em0" 1031.Pp 1032.Ed 1033The default fallback rule is 1034.Dq block drop log all 1035.It Va pflog_enable 1036.Pq Vt bool 1037Set to 1038.Dq Li NO 1039by default. 1040Setting this to 1041.Dq Li YES 1042enables 1043.Xr pflogd 8 1044which logs packets from the 1045.Xr pf 4 1046packet filter. 1047.It Va pflog_logfile 1048.Pq Vt str 1049If 1050.Va pflog_enable 1051is set to 1052.Dq Li YES 1053this controls where 1054.Xr pflogd 8 1055stores the logfile 1056(default 1057.Pa /var/log/pflog ) . 1058Check 1059.Pa /etc/newsyslog.conf 1060to adjust logfile rotation for this. 1061.It Va pflog_program 1062.Pq Vt str 1063Path to 1064.Xr pflogd 8 1065(default 1066.Pa /sbin/pflogd ) . 1067.It Va pflog_flags 1068.Pq Vt str 1069Empty by default. 1070This variable contains additional flags passed to the 1071.Xr pflogd 8 1072program. 1073.It Va pflog_instances 1074.Pq Vt str 1075If logging to more than one 1076.Xr pflog 4 1077interface is desired, 1078.Va pflog_instances 1079is set to the list of 1080.Xr pflogd 8 1081instances that should be started at system boot time. 1082If 1083.Va pflog_instances 1084is set, for each whitespace-separated 1085.Ar element 1086in the list, 1087.Ao Ar element Ac Ns Va _dev 1088and 1089.Ao Ar element Ac Ns Va _logfile 1090elements are assumed to exist. 1091.Ao Ar element Ac Ns Va _dev 1092must contain the 1093.Xr pflog 4 1094interface to be watched by the named 1095.Xr pflogd 8 1096instance. 1097.Ao Ar element Ac Ns Va _logfile 1098must contain the name of the logfile that will be used by the 1099.Xr pflogd 8 1100instance. 1101.It Va ftpproxy_enable 1102.Pq Vt bool 1103Set to 1104.Dq Li NO 1105by default. 1106Setting this to 1107.Dq Li YES 1108enables 1109.Xr ftp-proxy 8 1110which supports the 1111.Xr pf 4 1112packet filter in translating ftp connections. 1113.It Va ftpproxy_flags 1114.Pq Vt str 1115Empty by default. 1116This variable contains additional flags passed to the 1117.Xr ftp-proxy 8 1118program. 1119.It Va ftpproxy_instances 1120.Pq Vt str 1121Empty by default. 1122If multiple instances of 1123.Xr ftp-proxy 8 1124are desired at boot time, 1125.Va ftpproxy_instances 1126should contain a whitespace-separated list of instance names. 1127For each 1128.Ar element 1129in the list, a variable named 1130.Ao Ar element Ac Ns Va _flags 1131should be defined, containing the command-line flags to be passed to the 1132.Xr ftp-proxy 8 1133instance. 1134.It Va pfsync_enable 1135.Pq Vt bool 1136Set to 1137.Dq Li NO 1138by default. 1139Setting this to 1140.Dq Li YES 1141enables exposing 1142.Xr pf 4 1143state changes to other hosts over the network by means of 1144.Xr pfsync 4 . 1145The 1146.Va pfsync_syncdev 1147variable 1148must also be set then. 1149.It Va pfsync_syncdev 1150.Pq Vt str 1151Empty by default. 1152This variable specifies the name of the network interface 1153.Xr pfsync 4 1154should operate through. 1155It must be set accordingly if 1156.Va pfsync_enable 1157is set to 1158.Dq Li YES . 1159.It Va pfsync_syncpeer 1160.Pq Vt str 1161Empty by default. 1162This variable is optional. 1163By default, state change messages are sent out on the synchronisation 1164interface using IP multicast packets. 1165The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1166224.0.0.240. 1167When a peer address is specified using the 1168.Va pfsync_syncpeer 1169option, the peer address is used as a destination for the pfsync 1170traffic, and the traffic can then be protected using 1171.Xr ipsec 4 . 1172See the 1173.Xr pfsync 4 1174manpage for more details about using 1175.Xr ipsec 4 1176with 1177.Xr pfsync 4 1178interfaces. 1179.It Va pfsync_ifconfig 1180.Pq Vt str 1181Empty by default. 1182This variable can contain additional options to be passed to the 1183.Xr ifconfig 8 1184command used to set up 1185.Xr pfsync 4 . 1186.It Va tcp_extensions 1187.Pq Vt bool 1188Set to 1189.Dq Li YES 1190by default. 1191Setting this to 1192.Dq Li NO 1193disables certain TCP options as described by 1194.Rs 1195.%T "RFC 1323" 1196.Re 1197Setting this to 1198.Dq Li NO 1199might help remedy such problems with connections as randomly hanging 1200or other weird behavior. 1201Some network devices are known 1202to be broken with respect to these options. 1203.It Va log_in_vain 1204.Pq Vt int 1205Set to 0 by default. 1206The 1207.Xr sysctl 8 1208variables, 1209.Va net.inet.tcp.log_in_vain 1210and 1211.Va net.inet.udp.log_in_vain , 1212as described in 1213.Xr tcp 4 1214and 1215.Xr udp 4 , 1216are set to the given value. 1217.It Va tcp_keepalive 1218.Pq Vt bool 1219Set to 1220.Dq Li YES 1221by default. 1222Setting to 1223.Dq Li NO 1224will disable probing idle TCP connections to verify that the 1225peer is still up and reachable. 1226.It Va tcp_drop_synfin 1227.Pq Vt bool 1228Set to 1229.Dq Li NO 1230by default. 1231Setting to 1232.Dq Li YES 1233will cause the kernel to ignore TCP frames that have both 1234the SYN and FIN flags set. 1235This prevents OS fingerprinting, but may 1236break some legitimate applications. 1237.It Va icmp_drop_redirect 1238.Pq Vt bool 1239Set to 1240.Dq Li AUTO 1241by default. 1242This setting will be identical to 1243.Dq Li YES , 1244if a dynamicrouting daemon is enabled, because redirect processing may 1245cause performance issues for large routing tables. 1246If no such service is enabled, this setting behaves like a 1247.Dq Li NO . 1248Setting to 1249.Dq Li YES 1250will cause the kernel to ignore ICMP REDIRECT packets. 1251Setting to 1252.Dq Li NO 1253will cause the kernel to process ICMP REDIRECT packets. 1254Refer to 1255.Xr icmp 4 1256for more information. 1257.It Va icmp_log_redirect 1258.Pq Vt bool 1259Set to 1260.Dq Li NO 1261by default. 1262Setting to 1263.Dq Li YES 1264will cause the kernel to log ICMP REDIRECT packets. 1265Note that 1266the log messages are not rate-limited, so this option should only be used 1267for troubleshooting networks. 1268Refer to 1269.Xr icmp 4 1270for more information. 1271.It Va icmp_bmcastecho 1272.Pq Vt bool 1273Set to 1274.Dq Li YES 1275to respond to broadcast or multicast ICMP ping packets. 1276Refer to 1277.Xr icmp 4 1278for more information. 1279.It Va ip_portrange_first 1280.Pq Vt int 1281If not set to 1282.Dq Li NO , 1283this is the first port in the default portrange. 1284Refer to 1285.Xr ip 4 1286for more information. 1287.It Va ip_portrange_last 1288.Pq Vt int 1289If not set to 1290.Dq Li NO , 1291this is the last port in the default portrange. 1292Refer to 1293.Xr ip 4 1294for more information. 1295.It Va network_interfaces 1296.Pq Vt str 1297Set to the list of network interfaces to configure on this host or 1298.Dq Li AUTO 1299(the default) for all current interfaces. 1300Setting the 1301.Va network_interfaces 1302variable to anything other than the default is deprecated. 1303Interfaces that the administrator wishes to store configuration for, 1304but not start at boot should be configured with the 1305.Dq Li NOAUTO 1306keyword in their 1307.Va ifconfig_ Ns Aq Ar interface 1308variables as described below. 1309.Pp 1310An 1311.Va ifconfig_ Ns Aq Ar interface 1312variable is also assumed to exist for each value of 1313.Ar interface . 1314When an interface name contains any of the characters 1315.Dq Li .-/+ 1316they are translated to 1317.Dq Li _ 1318before lookup. 1319The variable can contain arguments to 1320.Xr ifconfig 8 , 1321as well as special case-insensitive keywords described below. 1322Such keywords are removed before passing the value to 1323.Xr ifconfig 8 1324while the order of the other arguments is preserved. 1325.Pp 1326It is possible to add IP alias entries using 1327.Xr ifconfig 8 1328syntax with the address family keyword such as 1329.Li inet . 1330Assuming that the interface in question was 1331.Li em0 , 1332it might look something like this: 1333.Bd -literal 1334ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1335ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1336.Ed 1337.Pp 1338It also possible to configure multiple IP addresses in Classless 1339Inter-Domain Routing 1340.Pq CIDR 1341address notation, 1342whose each address component can be a range like 1343.Li inet 192.0.2.5-23/24 1344or 1345.Li inet6 2001:db8:1-f::1/64 . 1346This notation allows address and prefix length part only, 1347not the other address modifiers. 1348Note that the maximum number of the generated addresses from a range 1349specification is limited to an integer value specified in 1350.Va netif_ipexpand_max 1351in 1352.Nm 1353because a small typo can unexpectedly generate a large number of addresses. 1354The default value is 1355.Li 2048 . 1356It can be increased by adding the following line into 1357.Nm : 1358.Bd -literal 1359netif_ipexpand_max="4096" 1360.Ed 1361.Pp 1362In the case of 1363.Li 192.0.2.5-23/24 , 1364the address 192.0.2.5 will be configured with the 1365netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1366the non-conflicting netmask /32 as explained in the 1367.Xr ifconfig 8 1368alias section. 1369Note that this special netmask handling is only for 1370.Li inet , 1371not for the other address families such as 1372.Li inet6 . 1373.Pp 1374With the interface in question being 1375.Li em0 , 1376an example could look like: 1377.Bd -literal 1378ifconfig_em0_alias2="inet 192.0.2.129/27" 1379ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1380.Ed 1381.Pp 1382and so on. 1383.Pp 1384Note that deprecated 1385.Va ipv4_addrs_ Ns Aq Ar interface 1386variable was supported for IPv4 CIDR address notation. 1387The 1388.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1389variable replaces it, though 1390.Va ipv4_addrs_ Ns Aq Ar interface 1391is still supported for backward compatibility. 1392.Pp 1393For each 1394.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1395entry with an address family keyword, 1396its contents are passed to 1397.Xr ifconfig 8 . 1398Execution stops at the first unsuccessful access, so if 1399something like this is present: 1400.Bd -literal 1401ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1402ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1403ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1404ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1405.Ed 1406.Pp 1407Then note that alias4 would 1408.Em not 1409be added since the search would 1410stop with the missing 1411.Dq Li alias3 1412entry. 1413Because of this difficult to manage behavior, 1414there is 1415.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1416variable, which has the same functionality as 1417.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1418and can have all of entries in a variable like the following: 1419.Bd -literal 1420ifconfig_em0_aliases="\\ 1421 inet 127.0.0.251 netmask 0xffffffff \\ 1422 inet 127.0.0.252 netmask 0xffffffff \\ 1423 inet 127.0.0.253 netmask 0xffffffff \\ 1424 inet 127.0.0.254 netmask 0xffffffff" 1425.Ed 1426.Pp 1427It also supports CIDR notation. 1428.Pp 1429If the 1430.Pa /etc/start_if . Ns Aq Ar interface 1431file is present, it is read and executed by the 1432.Xr sh 1 1433interpreter 1434before configuring the interface as specified in the 1435.Va ifconfig_ Ns Aq Ar interface 1436and 1437.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1438variables. 1439.Pp 1440If a 1441.Va vlans_ Ns Aq Ar interface 1442variable is set, 1443a 1444.Xr vlan 4 1445interface will be created for each item in the list with the 1446.Ar vlandev 1447argument set to 1448.Ar interface . 1449If a vlan interface's name is a number, 1450then that number is used as the vlan tag and the new vlan interface is 1451named 1452.Ar interface . Ns Ar tag . 1453Otherwise, 1454the vlan tag must be specified via a 1455.Va vlan 1456parameter in the 1457.Va create_args_ Ns Aq Ar interface 1458variable. 1459.Pp 1460To create a vlan device named 1461.Li em0.101 1462on 1463.Li em0 1464with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1465.Bd -literal 1466vlans_em0="101" 1467ifconfig_em0_101="inet 192.0.2.1/24" 1468.Ed 1469.Pp 1470To create a vlan device named 1471.Li myvlan 1472on 1473.Li em0 1474with the vlan tag 102: 1475.Bd -literal 1476vlans_em0="myvlan" 1477create_args_myvlan="vlan 102" 1478.Ed 1479.Pp 1480If a 1481.Va wlans_ Ns Aq Ar interface 1482variable is set, 1483an 1484.Xr wlan 4 1485interface will be created for each item in the list with the 1486.Ar wlandev 1487argument set to 1488.Ar interface . 1489Further wlan cloning arguments may be passed to the 1490.Xr ifconfig 8 1491.Cm create 1492command by setting the 1493.Va create_args_ Ns Aq Ar interface 1494variable. 1495One or more 1496.Xr wlan 4 1497devices must be created for each wireless devices as of 1498.Fx 8.0 . 1499Debugging flags for 1500.Xr wlan 4 1501devices as set by 1502.Xr wlandebug 8 1503may be specified with an 1504.Va wlandebug_ Ns Aq Ar interface 1505variable. 1506The contents of this variable will be passed directly to 1507.Xr wlandebug 8 . 1508.Pp 1509If the 1510.Va ifconfig_ Ns Aq Ar interface 1511contains the keyword 1512.Dq Li NOAUTO 1513then the interface will not be configured 1514at boot or by 1515.Pa /etc/pccard_ether 1516when 1517.Va network_interfaces 1518is set to 1519.Dq Li AUTO . 1520.Pp 1521It is possible to bring up an interface with DHCP by adding 1522.Dq Li DHCP 1523to the 1524.Va ifconfig_ Ns Aq Ar interface 1525variable. 1526For instance, to initialize the 1527.Li em0 1528device via DHCP, 1529it is possible to use something like: 1530.Bd -literal 1531ifconfig_em0="DHCP" 1532.Ed 1533.Pp 1534If you want to configure your wireless interface with 1535.Xr wpa_supplicant 8 1536for use with WPA, EAP/LEAP or WEP, you need to add 1537.Dq Li WPA 1538to the 1539.Va ifconfig_ Ns Aq Ar interface 1540variable. 1541.Pp 1542On the other hand, if you want to configure your wireless interface with 1543.Xr hostapd 8 , 1544you need to add 1545.Dq Li HOSTAP 1546to the 1547.Va ifconfig_ Ns Aq Ar interface 1548variable. 1549.Xr hostapd 8 1550will use the settings from 1551.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1552.Pp 1553Finally, you can add 1554.Xr ifconfig 8 1555options in this variable, in addition to the 1556.Pa /etc/start_if . Ns Aq Ar interface 1557file. 1558For instance, to configure an 1559.Xr ath 4 1560wireless device in station mode with an address obtained 1561via DHCP, using WPA authentication and 802.11b mode, it is 1562possible to use something like: 1563.Bd -literal 1564wlans_ath0="wlan0" 1565ifconfig_wlan0="DHCP WPA mode 11b" 1566.Ed 1567.Pp 1568In addition to the 1569.Va ifconfig_ Ns Aq Ar interface 1570form, a fallback variable 1571.Va ifconfig_DEFAULT 1572may be configured. 1573It will be used for all interfaces with no 1574.Va ifconfig_ Ns Aq Ar interface 1575variable. 1576This is intended to replace the no longer supported 1577.Va pccard_ifconfig 1578variable. 1579.Pp 1580It is also possible to rename an interface by doing: 1581.Bd -literal 1582ifconfig_em0_name="net0" 1583ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1584.Ed 1585.It Va ipv6_enable 1586.Pq Vt bool 1587This variable is deprecated. 1588Use 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1590and 1591.Va ipv6_activate_all_interfaces 1592if necessary. 1593.Pp 1594If the variable is 1595.Dq Li YES , 1596.Dq Li inet6 accept_rtadv 1597is added to all of 1598.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1599and the 1600.Va ipv6_activate_all_interfaces 1601is defined as 1602.Dq Li YES . 1603.It Va ipv6_prefer 1604.Pq Vt bool 1605This variable is deprecated. 1606Use 1607.Va ip6addrctl_policy 1608instead. 1609.Pp 1610If the variable is 1611.Dq Li YES , 1612the default address selection policy table set by 1613.Xr ip6addrctl 8 1614will be IPv6-preferred. 1615.Pp 1616If the variable is 1617.Dq Li NO , 1618the default address selection policy table set by 1619.Xr ip6addrctl 8 1620will be IPv4-preferred. 1621.It Va ipv6_activate_all_interfaces 1622.Pq Vt bool 1623This controls initial configuration on IPv6-capable 1624interfaces with no corresponding 1625.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1626variable. 1627Note that it is not always necessary to set this variable to 1628.Dq YES 1629to use IPv6 functionality on 1630.Fx . 1631In most cases, just configuring 1632.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1633variables works. 1634.Pp 1635If the variable is 1636.Dq Li NO , 1637all interfaces which do not have a corresponding 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639variable will be marked as 1640.Dq Li IFDISABLED 1641at creation. 1642This means that all of IPv6 functionality on that interface 1643is completely disabled to enforce a security policy. 1644If the variable is set to 1645.Dq YES , 1646the flag will be cleared on all of the interfaces. 1647.Pp 1648In most cases, just defining an 1649.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1650for an IPv6-capable interface should be sufficient. 1651However, if an interface is added dynamically 1652.Pq by some tunneling protocols such as PPP, for example , 1653it is often difficult to define the variable in advance. 1654In such a case, configuring the 1655.Dq Li IFDISABLED 1656flag can be disabled by setting this variable to 1657.Dq YES . 1658.Pp 1659For more details of the 1660.Dq Li IFDISABLED 1661flag and keywords 1662.Dq Li inet6 ifdisabled , 1663see 1664.Xr ifconfig 8 . 1665.Pp 1666Default is 1667.Dq Li NO . 1668.It Va ipv6_privacy 1669.Pq Vt bool 1670If the variable is 1671.Dq Li YES 1672privacy addresses will be generated for each IPv6 1673interface as described in RFC 4941. 1674.It Va ipv6_network_interfaces 1675.Pq Vt str 1676This is the IPv6 equivalent of 1677.Va network_interfaces . 1678Normally manual configuration of this variable is not needed. 1679.It Va ipv6_cpe_wanif 1680.Pq Vt str 1681If the variable is set to an interface name, 1682the 1683.Xr ifconfig 8 1684options 1685.Dq inet6 -no_radr accept_rtadv 1686will be added to the specified interface automatically before evaluating 1687.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1688and two 1689.Xr sysctl 8 1690variables 1691.Va net.inet6.ip6.rfc6204w3 1692and 1693.Va net.inet6.ip6.no_radr 1694will be set to 1. 1695.Pp 1696This means the specified interface will accept ICMPv6 Router 1697Advertisement messages on that link and add the discovered 1698routers into the Default Router List. 1699While the other interfaces can still accept RA messages if the 1700.Dq inet6 accept_rtadv 1701option is specified, adding 1702routes into the Default Router List will be disabled by 1703.Dq inet6 no_radr 1704option by default. 1705See 1706.Xr ifconfig 8 1707for more details. 1708.Pp 1709Note that ICMPv6 Router Advertisement messages will be 1710accepted even when 1711.Va net.inet6.ip6.forwarding 1712is 1 1713.Pq packet forwarding is enabled 1714when 1715.Va net.inet6.ip6.rfc6204w3 1716is set to 1. 1717.Pp 1718Default is 1719.Dq Li NO . 1720.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1721.Pq Vt str 1722This assigns arbitrary description to an interface. 1723The 1724.Xr sysctl 8 1725variable 1726.Va net.ifdescr_maxlen 1727limits its length. 1728This static setting may be overridden by commands 1729started with dynamic interface configuration utilities 1730like 1731.Xr dhclient 8 1732hooks. 1733The description can be seen with 1734.Xr ifconfig 8 1735command and it may be exported with 1736.Xr bsnmpd 1 1737daemon using its MIB-2 module. 1738.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1739.Pq Vt str 1740IPv6 functionality on an interface should be configured by 1741.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1742instead of setting ifconfig parameters in 1743.Va ifconfig_ Ns Aq Ar interface . 1744If this variable is empty, all of IPv6 configurations on the 1745specified interface by other variables such as 1746.Va ipv6_prefix_ Ns Ao Ar interface Ac 1747will be ignored. 1748.Pp 1749Aliases should be set by 1750.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1751with 1752.Dq Li inet6 1753keyword. 1754For example: 1755.Bd -literal 1756ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1757ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1758.Ed 1759.Pp 1760Interfaces that have an 1761.Dq Li inet6 accept_rtadv 1762keyword in 1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1764setting will be automatically configured by SLAAC 1765.Pq StateLess Address AutoConfiguration 1766described in 1767.Rs 1768.%T "RFC 4862" 1769.Re 1770.Pp 1771Note that a link-local address will be automatically configured in 1772addition to the configured global-scope addresses because the IPv6 1773specifications require it on each link. 1774The address is calculated from the MAC address by using an algorithm 1775defined in 1776.Rs 1777.%T "RFC 4862" 1778.%O "Section 5.3" 1779.Re 1780.Pp 1781If only a link-local address is needed on the interface, 1782the following configuration can be used: 1783.Bd -literal 1784ifconfig_em0_ipv6="inet6 auto_linklocal" 1785.Ed 1786.Pp 1787A link-local address can also be configured manually. 1788This is useful for the default router address of an IPv6 router 1789so that it does not change when the network interface 1790card is replaced. 1791For example: 1792.Bd -literal 1793ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1794.Ed 1795.It Va ipv6_prefix_ Ns Aq Ar interface 1796.Pq Vt str 1797If one or more prefixes are defined in 1798.Va ipv6_prefix_ Ns Aq Ar interface 1799addresses based on each prefix and the EUI-64 interface index will be 1800configured on that interface. 1801Note that this variable will be ignored when 1802.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1803is empty. 1804.Pp 1805For example, the following configuration 1806.Bd -literal 1807ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1808.Ed 1809.Pp 1810is equivalent to the following: 1811.Bd -literal 1812ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1813ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1814ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1815ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1816.Ed 1817.Pp 1818These Subnet-Router anycast addresses will be added only when 1819.Va ipv6_gateway_enable 1820is YES. 1821.It Va ipv6_default_interface 1822.Pq Vt str 1823If not set to 1824.Dq Li NO , 1825this is the default output interface for scoped addresses. 1826This works only with ipv6_gateway_enable="NO". 1827.It Va ip6addrctl_enable 1828.Pq Vt bool 1829This variable is to enable configuring default address selection policy table 1830.Pq RFC 3484 . 1831The table can be specified in another variable 1832.Va ip6addrctl_policy . 1833For 1834.Va ip6addrctl_policy 1835the following keywords can be specified: 1836.Dq Li ipv4_prefer , 1837.Dq Li ipv6_prefer , 1838or 1839.Dq Li AUTO . 1840.Pp 1841If 1842.Dq Li ipv4_prefer 1843or 1844.Dq Li ipv6_prefer 1845is specified, 1846.Xr ip6addrctl 8 1847installs a pre-defined policy table described in Section 10.3 1848.Pq IPv4-preferred 1849or 2.1 1850.Pq IPv6-preferred 1851of RFC 3484. 1852.Pp 1853If 1854.Dq Li AUTO 1855is specified, it attempts to read a file 1856.Pa /etc/ip6addrctl.conf 1857first. 1858If this file is found, 1859.Xr ip6addrctl 8 1860reads and installs it. 1861If not found, a policy is automatically set 1862according to 1863.Va ipv6_activate_all_interfaces 1864variable; if the variable is set to 1865.Dq Li YES 1866the IPv6-preferred one is used. 1867Otherwise IPv4-preferred. 1868.Pp 1869The default value of 1870.Va ip6addrctl_enable 1871and 1872.Va ip6addrctl_policy 1873are 1874.Dq Li YES 1875and 1876.Dq Li AUTO , 1877respectively. 1878.It Va cloned_interfaces 1879.Pq Vt str 1880Set to the list of clonable network interfaces to create on this host. 1881Further cloning arguments may be passed to the 1882.Xr ifconfig 8 1883.Cm create 1884command for each interface by setting the 1885.Va create_args_ Ns Aq Ar interface 1886variable. 1887If an interface name is specified with 1888.Dq :sticky 1889keyword, 1890the interface will not be destroyed even when 1891.Pa rc.d/netif 1892script is invoked with 1893.Dq stop 1894argument. 1895This is useful when reconfiguring the interface without destroying it. 1896Entries in 1897.Va cloned_interfaces 1898are automatically appended to 1899.Va network_interfaces 1900for configuration. 1901.It Va cloned_interfaces_sticky 1902.Pq Vt bool 1903This variable is to globally enable functionality of 1904.Dq :sticky 1905keyword in 1906.Va cloned_interfaces 1907for all interfaces. 1908The default value is 1909.Dq NO . 1910Even if this variable is specified to 1911.Dq YES , 1912.Dq :nosticky 1913keyword can be used to override it on per interface basis. 1914.It Va gif_interfaces 1915Set to the list of 1916.Xr gif 4 1917tunnel interfaces to configure on this host. 1918A 1919.Va gifconfig_ Ns Aq Ar interface 1920variable is assumed to exist for each value of 1921.Ar interface . 1922The value of this variable is used to configure the link layer of the 1923tunnel using the 1924.Cm tunnel 1925option to 1926.Xr ifconfig 8 . 1927Additionally, this option ensures that each listed interface is created 1928via the 1929.Cm create 1930option to 1931.Xr ifconfig 8 1932before attempting to configure it. 1933.Pp 1934For example, configure two 1935.Xr gif 4 1936interfaces with: 1937.Bd -literal 1938gif_interfaces="gif0 gif1" 1939gifconfig_gif0="100.64.0.1 100.64.0.2" 1940ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1941gifconfig_gif1="inet6 2a00::1 2a01::1" 1942ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1943.Ed 1944.It Va ppp_enable 1945.Pq Vt bool 1946If set to 1947.Dq Li YES , 1948run the 1949.Xr ppp 8 1950daemon. 1951.It Va ppp_profile 1952.Pq Vt str 1953The name of the profile to use from 1954.Pa /etc/ppp/ppp.conf . 1955Also used for per-profile overrides of 1956.Va ppp_mode 1957and 1958.Va ppp_nat , 1959and 1960.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1961When the profile name contains any of the characters 1962.Dq Li .-/+ 1963they are translated to 1964.Dq Li _ 1965for the proposes of the override variable names. 1966.It Va ppp_mode 1967.Pq Vt str 1968Mode in which to run the 1969.Xr ppp 8 1970daemon. 1971.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1972.Pq Vt str 1973Overrides the global 1974.Va ppp_mode 1975for 1976.Ar profile . 1977Accepted modes are 1978.Dq Li auto , 1979.Dq Li ddial , 1980.Dq Li direct 1981and 1982.Dq Li dedicated . 1983See the manual for a full description. 1984.It Va ppp_nat 1985.Pq Vt bool 1986If set to 1987.Dq Li YES , 1988enables network address translation. 1989Used in conjunction with 1990.Va gateway_enable 1991allows hosts on private network addresses access to the Internet using 1992this host as a network address translating router. 1993Default is 1994.Dq Li YES . 1995.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1996.Pq Vt str 1997Overrides the global 1998.Va ppp_nat 1999for 2000.Ar profile . 2001.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2002.Pq Vt int 2003Set the unit number to be used for this profile. 2004See the manual description of 2005.Fl unit Ns Ar N 2006for details. 2007.It Va ppp_user 2008.Pq Vt str 2009The name of the user under which 2010.Xr ppp 8 2011should be started. 2012By 2013default, 2014.Xr ppp 8 2015is started as 2016.Dq Li root . 2017.It Va rc_conf_files 2018.Pq Vt str 2019This option is used to specify a list of files that will override 2020the settings in 2021.Pa /etc/defaults/rc.conf . 2022The files will be read in the order in which they are specified and should 2023include the full path to the file. 2024By default, the files specified are 2025.Pa /etc/rc.conf 2026and 2027.Pa /etc/rc.conf.local 2028.It Va zfs_enable 2029.Pq Vt bool 2030If set to 2031.Dq Li YES , 2032.Pa /etc/rc.d/zfs 2033will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2034(ZVOLs). 2035.It Va gptboot_enable 2036.Pq Vt bool 2037If set to 2038.Dq Li YES , 2039.Pa /etc/rc.d/gptboot 2040will log if the system successfully (or not) booted from a GPT partition, 2041which had the 2042.Ar bootonce 2043attribute set using 2044.Xr gpart 8 2045utility. 2046.It Va gbde_autoattach_all 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050.Pa /etc/rc.d/gbde 2051will attempt to automatically initialize your .bde devices in 2052.Pa /etc/fstab . 2053.It Va gbde_devices 2054.Pq Vt str 2055List the devices that the script should try to attach, 2056or 2057.Dq Li AUTO . 2058.It Va gbde_lockdir 2059.Pq Vt str 2060The directory where the 2061.Xr gbde 4 2062lockfiles are located. 2063The default lockfile directory is 2064.Pa /etc . 2065.Pp 2066The lockfile for each individual 2067.Xr gbde 4 2068device can be overridden by setting the variable 2069.Va gbde_lock_ Ns Aq Ar device , 2070where 2071.Ar device 2072is the encrypted device without the 2073.Dq Pa /dev/ 2074and 2075.Dq Pa .bde 2076parts. 2077.It Va gbde_attach_attempts 2078.Pq Vt int 2079Number of times to attempt attaching to a 2080.Xr gbde 4 2081device, i.e., how many times the user is asked for the pass-phrase. 2082Default is 3. 2083.It Va geli_devices 2084.Pq Vt str 2085List of devices to automatically attach on boot. 2086Note that .eli devices from 2087.Pa /etc/fstab 2088are automatically appended to this list. 2089.It Va geli_groups 2090.Pq Vt str 2091List of groups containing devices to automatically attach on boot with the same 2092keyfiles and passphrase. 2093This must be accompanied with a corresponding 2094.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2095variable. 2096.It Va geli_tries 2097.Pq Vt int 2098Number of times user is asked for the pass-phrase. 2099If empty, it will be taken from 2100.Va kern.geom.eli.tries 2101sysctl variable. 2102.It Va geli_default_flags 2103.Pq Vt str 2104Default flags to use by 2105.Xr geli 8 2106when configuring disk encryption. 2107Flags can be configured for every device separately by defining the 2108.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2109variable, and for every group separately by defining the 2110.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2111variable. 2112.It Va geli_autodetach 2113.Pq Vt str 2114Specifies if GELI devices should be marked for detach on last close after 2115file systems are mounted. 2116Default is 2117.Dq Li YES . 2118This can be changed for every device separately by defining the 2119.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2120variable. 2121.It Va root_rw_mount 2122.Pq Vt bool 2123Set to 2124.Dq Li YES 2125by default. 2126After the file systems are checked at boot time, the root file system 2127is remounted as read-write if this is set to 2128.Dq Li YES . 2129Diskless systems that mount their root file system from a read-only remote 2130NFS share should set this to 2131.Dq Li NO 2132in their 2133.Pa rc.conf . 2134.It Va fsck_y_enable 2135.Pq Vt bool 2136If set to 2137.Dq Li YES , 2138.Xr fsck 8 2139will be run with the 2140.Fl y 2141flag if the initial preen 2142of the file systems fails. 2143.It Va background_fsck 2144.Pq Vt bool 2145If set to 2146.Dq Li NO , 2147the system will not attempt to run 2148.Xr fsck 8 2149in the background where possible. 2150.It Va background_fsck_delay 2151.Pq Vt int 2152The amount of time in seconds to sleep before starting a background 2153.Xr fsck 8 . 2154It defaults to sixty seconds to allow large applications such as 2155the X server to start before disk I/O bandwidth is monopolized by 2156.Xr fsck 8 . 2157If set to a negative number, the background file system check will be 2158delayed indefinitely to allow the administrator to run it at a more 2159convenient time. 2160For example it may be run from 2161.Xr cron 8 2162by adding a line like 2163.Pp 2164.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2165.Pp 2166to 2167.Pa /etc/crontab . 2168.It Va netfs_types 2169.Pq Vt str 2170List of file system types that are network-based. 2171This list should generally not be modified by end users. 2172Use 2173.Va extra_netfs_types 2174instead. 2175.It Va extra_netfs_types 2176.Pq Vt str 2177If set to something other than 2178.Dq Li NO 2179(the default), 2180this variable extends the list of file system types 2181for which automatic mounting at startup by 2182.Xr rc 8 2183should be delayed until the network is initialized. 2184It should contain 2185a whitespace-separated list of network file system descriptor pairs, 2186each consisting of a file system type as passed to 2187.Xr mount 8 2188and a human-readable, one-word description, 2189joined with a colon 2190.Pq Ql \&: . 2191Extending the default list in this way is only necessary 2192when third party file system types are used. 2193.It Va syslogd_enable 2194.Pq Vt bool 2195If set to 2196.Dq Li YES , 2197run the 2198.Xr syslogd 8 2199daemon. 2200.It Va syslogd_program 2201.Pq Vt str 2202Path to 2203.Xr syslogd 8 2204(default 2205.Pa /usr/sbin/syslogd ) . 2206.It Va syslogd_flags 2207.Pq Vt str 2208If 2209.Va syslogd_enable 2210is set to 2211.Dq Li YES , 2212these are the flags to pass to 2213.Xr syslogd 8 . 2214.It Va inetd_enable 2215.Pq Vt bool 2216If set to 2217.Dq Li YES , 2218run the 2219.Xr inetd 8 2220daemon. 2221.It Va inetd_program 2222.Pq Vt str 2223Path to 2224.Xr inetd 8 2225(default 2226.Pa /usr/sbin/inetd ) . 2227.It Va inetd_flags 2228.Pq Vt str 2229If 2230.Va inetd_enable 2231is set to 2232.Dq Li YES , 2233these are the flags to pass to 2234.Xr inetd 8 . 2235.It Va hastd_enable 2236.Pq Vt bool 2237If set to 2238.Dq Li YES , 2239run the 2240.Xr hastd 8 2241daemon. 2242.It Va hastd_program 2243.Pq Vt str 2244Path to 2245.Xr hastd 8 2246(default 2247.Pa /sbin/hastd ) . 2248.It Va hastd_flags 2249.Pq Vt str 2250If 2251.Va hastd_enable 2252is set to 2253.Dq Li YES , 2254these are the flags to pass to 2255.Xr hastd 8 . 2256.It Va local_unbound_enable 2257.Pq Vt bool 2258If set to 2259.Dq Li YES , 2260run the 2261.Xr unbound 8 2262daemon as a local caching resolver. 2263.It Va kdc_enable 2264.Pq Vt bool 2265Set to 2266.Dq Li YES 2267to start a Kerberos 5 authentication server 2268at boot time. 2269.It Va kdc_program 2270.Pq Vt str 2271If 2272.Va kdc_enable 2273is set to 2274.Dq Li YES 2275this is the path to Kerberos 5 Authentication Server. 2276.It Va kdc_flags 2277.Pq Vt str 2278Empty by default. 2279This variable contains additional flags to be passed to the Kerberos 5 2280authentication server. 2281.It Va kadmind_enable 2282.Pq Vt bool 2283Set to 2284.Dq Li YES 2285to start 2286.Xr kadmind 8 , 2287the Kerberos 5 Administration Daemon; set to 2288.Dq Li NO 2289on a slave server. 2290.It Va kadmind_program 2291.Pq Vt str 2292If 2293.Va kadmind_enable 2294is set to 2295.Dq Li YES 2296this is the path to Kerberos 5 Administration Daemon. 2297.It Va kpasswdd_enable 2298.Pq Vt bool 2299Set to 2300.Dq Li YES 2301to start 2302.Xr kpasswdd 8 , 2303the Kerberos 5 Password-Changing Daemon; set to 2304.Dq Li NO 2305on a slave server. 2306.It Va kpasswdd_program 2307.Pq Vt str 2308If 2309.Va kpasswdd_enable 2310is set to 2311.Dq Li YES 2312this is the path to Kerberos 5 Password-Changing Daemon. 2313.It Va kfd_enable 2314.Pq Vt bool 2315Set to 2316.Dq Li YES 2317to start 2318.Xr kfd 8 , 2319the Kerberos 5 ticket forwarding daemon, at the boot time. 2320.It Va kfd_program 2321.Pq Vt str 2322Path to 2323.Xr kfd 8 2324(default 2325.Pa /usr/libexec/kfd ) . 2326.It Va rwhod_enable 2327.Pq Vt bool 2328If set to 2329.Dq Li YES , 2330run the 2331.Xr rwhod 8 2332daemon at boot time. 2333.It Va rwhod_flags 2334.Pq Vt str 2335If 2336.Va rwhod_enable 2337is set to 2338.Dq Li YES , 2339these are the flags to pass to it. 2340.It Va update_motd 2341.Pq Vt bool 2342If set to 2343.Dq Li YES , 2344.Pa /etc/motd 2345will be updated at boot time to reflect the kernel release 2346being run. 2347If set to 2348.Dq Li NO , 2349.Pa /etc/motd 2350will not be updated. 2351.It Va nfs_client_enable 2352.Pq Vt bool 2353If set to 2354.Dq Li YES , 2355run the NFS client daemons at boot time. 2356.It Va nfs_access_cache 2357.Pq Vt int 2358If 2359.Va nfs_client_enable 2360is set to 2361.Dq Li YES , 2362this can be set to 2363.Dq Li 0 2364to disable NFS ACCESS RPC caching, or to the number of seconds for which 2365NFS ACCESS 2366results should be cached. 2367A value of 2-10 seconds will substantially reduce network 2368traffic for many NFS operations. 2369.It Va nfs_server_enable 2370.Pq Vt bool 2371If set to 2372.Dq Li YES , 2373run the NFS server daemons at boot time. 2374.It Va nfs_server_flags 2375.Pq Vt str 2376If 2377.Va nfs_server_enable 2378is set to 2379.Dq Li YES , 2380these are the flags to pass to the 2381.Xr nfsd 8 2382daemon. 2383.It Va nfsv4_server_enable 2384.Pq Vt bool 2385If 2386.Va nfs_server_enable 2387is set to 2388.Dq Li YES 2389and 2390.Va nfsv4_server_enable 2391is set to 2392.Dq Li YES , 2393enable the server for NFSv4 as well as NFSv2 and NFSv3. 2394.It Va nfsv4_server_only 2395.Pq Vt bool 2396If 2397.Va nfs_server_enable 2398is set to 2399.Dq Li YES 2400and 2401.Va nfsv4_server_only 2402is set to 2403.Dq Li YES , 2404enable the NFS server for NFSv4 only. 2405.It Va nfs_server_maxio 2406.Pq Vt int 2407value to set vfs.nfsd.srvmaxio to, which is the 2408maximum I/O size for the NFS server. 2409.It Va tlsclntd_enable 2410.Pq Vt bool 2411If set to 2412.Dq Li YES , 2413run the 2414.Xr rpc.tlsclntd 8 2415daemon, which is needed for NFS-over-TLS NFS mounts. 2416.It Va tlsservd_enable 2417.Pq Vt bool 2418If set to 2419.Dq Li YES , 2420run the 2421.Xr rpc.tlsservd 8 2422daemon, which is needed for the 2423.Xr nfsd 8 2424to support NFS-over-TLS NFS mounts. 2425.It Va nfsuserd_enable 2426.Pq Vt bool 2427If 2428.Va nfsuserd_enable 2429is set to 2430.Dq Li YES , 2431run the nfsuserd daemon, which is needed for NFSv4 in order 2432to map between user/group names vs uid/gid numbers. 2433If 2434.Va nfsv4_server_enable 2435is set to 2436.Dq Li YES , 2437this will be forced enabled. 2438.It Va nfsuserd_flags 2439.Pq Vt str 2440If 2441.Va nfsuserd_enable 2442is set to 2443.Dq Li YES , 2444these are the flags to pass to the 2445.Xr nfsuserd 8 2446daemon. 2447.It Va nfscbd_enable 2448.Pq Vt bool 2449If 2450.Va nfscbd_enable 2451is set to 2452.Dq Li YES , 2453run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2454.It Va nfscbd_flags 2455.Pq Vt str 2456If 2457.Va nfscbd_enable 2458is set to 2459.Dq Li YES , 2460these are the flags to pass to the 2461.Xr nfscbd 8 2462daemon. 2463.It Va mountd_enable 2464.Pq Vt bool 2465If set to 2466.Dq Li YES , 2467and no 2468.Va nfs_server_enable 2469is set, start 2470.Xr mountd 8 , 2471but not 2472.Xr nfsd 8 2473daemon. 2474It is commonly needed to run CFS without real NFS used. 2475.It Va mountd_flags 2476.Pq Vt str 2477If 2478.Va mountd_enable 2479is set to 2480.Dq Li YES , 2481these are the flags to pass to the 2482.Xr mountd 8 2483daemon. 2484.It Va weak_mountd_authentication 2485.Pq Vt bool 2486If set to 2487.Dq Li YES , 2488allow services like PCNFSD to make non-privileged mount 2489requests. 2490.It Va nfs_reserved_port_only 2491.Pq Vt bool 2492If set to 2493.Dq Li YES , 2494provide NFS services only on a secure port. 2495.It Va nfs_bufpackets 2496.Pq Vt int 2497If set to a number, indicates the number of packets worth of 2498socket buffer space to reserve on an NFS client. 2499The kernel default is typically 4. 2500Using a higher number may be 2501useful on gigabit networks to improve performance. 2502The minimum value is 25032 and the maximum is 64. 2504.It Va rpc_lockd_enable 2505.Pq Vt bool 2506If set to 2507.Dq Li YES 2508and also an NFS server or client, run 2509.Xr rpc.lockd 8 2510at boot time. 2511.It Va rpc_lockd_flags 2512.Pq Vt str 2513If 2514.Va rpc_lockd_enable 2515is set to 2516.Dq Li YES , 2517these are the flags to pass to the 2518.Xr rpc.lockd 8 2519daemon. 2520.It Va rpc_statd_enable 2521.Pq Vt bool 2522If set to 2523.Dq Li YES 2524and also an NFS server or client, run 2525.Xr rpc.statd 8 2526at boot time. 2527.It Va rpc_statd_flags 2528.Pq Vt str 2529If 2530.Va rpc_statd_enable 2531is set to 2532.Dq Li YES , 2533these are the flags to pass to the 2534.Xr rpc.statd 8 2535daemon. 2536.It Va rpcbind_program 2537.Pq Vt str 2538Path to 2539.Xr rpcbind 8 2540(default 2541.Pa /usr/sbin/rpcbind ) . 2542.It Va rpcbind_enable 2543.Pq Vt bool 2544If set to 2545.Dq Li YES , 2546run the 2547.Xr rpcbind 8 2548service at boot time. 2549.It Va rpcbind_flags 2550.Pq Vt str 2551If 2552.Va rpcbind_enable 2553is set to 2554.Dq Li YES , 2555these are the flags to pass to the 2556.Xr rpcbind 8 2557daemon. 2558.It Va keyserv_enable 2559.Pq Vt bool 2560If set to 2561.Dq Li YES , 2562run the 2563.Xr keyserv 8 2564daemon on boot for running Secure RPC. 2565.It Va keyserv_flags 2566.Pq Vt str 2567If 2568.Va keyserv_enable 2569is set to 2570.Dq Li YES , 2571these are the flags to pass to 2572.Xr keyserv 8 2573daemon. 2574.It Va pppoed_enable 2575.Pq Vt bool 2576If set to 2577.Dq Li YES , 2578run the 2579.Xr pppoed 8 2580daemon at boot time to provide PPP over Ethernet services. 2581.It Va pppoed_ Ns Aq Ar provider 2582.Pq Vt str 2583.Xr pppoed 8 2584listens to requests to this 2585.Ar provider 2586and ultimately runs 2587.Xr ppp 8 2588with a 2589.Ar system 2590argument of the same name. 2591.It Va pppoed_flags 2592.Pq Vt str 2593Additional flags to pass to 2594.Xr pppoed 8 . 2595.It Va pppoed_interface 2596.Pq Vt str 2597The network interface to run 2598.Xr pppoed 8 2599on. 2600This is mandatory when 2601.Va pppoed_enable 2602is set to 2603.Dq Li YES . 2604.It Va ntpdate_enable 2605.Pq Vt bool 2606If set to 2607.Dq Li YES , 2608run 2609.Xr ntpdate 8 2610at system startup. 2611This command is intended to 2612synchronize the system clock only 2613.Em once 2614from some standard reference. 2615.Pp 2616Note that the use of the 2617.Va ntpd_sync_on_start 2618variable is a preferred alternative to the 2619.Xr ntpdate 8 2620utility as 2621.Xr ntpdate 8 2622is to be retired from the NTP distribution. 2623.It Va ntpdate_config 2624.Pq Vt str 2625Configuration file for 2626.Xr ntpdate 8 . 2627Default 2628.Pa /etc/ntp.conf . 2629.It Va ntpdate_hosts 2630.Pq Vt str 2631A whitespace-separated list of NTP servers to synchronize with at startup. 2632The default is to use the servers listed in 2633.Va ntpdate_config , 2634if that file exists. 2635.It Va ntpdate_program 2636.Pq Vt str 2637Path to 2638.Xr ntpdate 8 2639(default 2640.Pa /usr/sbin/ntpdate ) . 2641.It Va ntpdate_flags 2642.Pq Vt str 2643If 2644.Va ntpdate_enable 2645is set to 2646.Dq Li YES , 2647these are the flags to pass to the 2648.Xr ntpdate 8 2649command (typically a hostname). 2650.It Va ntpd_enable 2651.Pq Vt bool 2652If set to 2653.Dq Li YES , 2654run the 2655.Xr ntpd 8 2656command at boot time. 2657.It Va ntpd_program 2658.Pq Vt str 2659Path to 2660.Xr ntpd 8 2661(default 2662.Pa /usr/sbin/ntpd ) . 2663.It Va ntpd_config 2664.Pq Vt str 2665Path to 2666.Xr ntpd 8 2667configuration file. 2668Default 2669.Pa /etc/ntp.conf . 2670.It Va ntpd_flags 2671.Pq Vt str 2672If 2673.Va ntpd_enable 2674is set to 2675.Dq Li YES , 2676these are the flags to pass to the 2677.Xr ntpd 8 2678daemon. 2679.It Va ntpd_sync_on_start 2680.Pq Vt bool 2681If set to 2682.Dq Li YES , 2683.Xr ntpd 8 2684is run with the 2685.Fl g 2686flag, which syncs the system's clock on startup. 2687See 2688.Xr ntpd 8 2689for more information regarding the 2690.Fl g 2691option. 2692This is a preferred alternative to using 2693.Xr ntpdate 8 2694or specifying the 2695.Va ntpdate_enable 2696variable. 2697.It Va nis_client_enable 2698.Pq Vt bool 2699If set to 2700.Dq Li YES , 2701run the 2702.Xr ypbind 8 2703service at system boot time. 2704.It Va nis_client_flags 2705.Pq Vt str 2706If 2707.Va nis_client_enable 2708is set to 2709.Dq Li YES , 2710these are the flags to pass to the 2711.Xr ypbind 8 2712service. 2713.It Va nis_ypldap_enable 2714.Pq Vt bool 2715If set to 2716.Dq Li YES , 2717run the 2718.Xr ypldap 8 2719daemon at system boot time. 2720.It Va nis_ypldap_flags 2721.Pq Vt str 2722If 2723.Va nis.ypldap_enable 2724is set to 2725.Dq Li YES , 2726these are the flags to pass to the 2727.Xr ypldap 8 2728daemon. 2729.It Va nis_ypset_enable 2730.Pq Vt bool 2731If set to 2732.Dq Li YES , 2733run the 2734.Xr ypset 8 2735daemon at system boot time. 2736.It Va nis_ypset_flags 2737.Pq Vt str 2738If 2739.Va nis_ypset_enable 2740is set to 2741.Dq Li YES , 2742these are the flags to pass to the 2743.Xr ypset 8 2744daemon. 2745.It Va nis_server_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Xr ypserv 8 2751daemon at system boot time. 2752.It Va nis_server_flags 2753.Pq Vt str 2754If 2755.Va nis_server_enable 2756is set to 2757.Dq Li YES , 2758these are the flags to pass to the 2759.Xr ypserv 8 2760daemon. 2761.It Va nis_ypxfrd_enable 2762.Pq Vt bool 2763If set to 2764.Dq Li YES , 2765run the 2766.Xr rpc.ypxfrd 8 2767daemon at system boot time. 2768.It Va nis_ypxfrd_flags 2769.Pq Vt str 2770If 2771.Va nis_ypxfrd_enable 2772is set to 2773.Dq Li YES , 2774these are the flags to pass to the 2775.Xr rpc.ypxfrd 8 2776daemon. 2777.It Va nis_yppasswdd_enable 2778.Pq Vt bool 2779If set to 2780.Dq Li YES , 2781run the 2782.Xr rpc.yppasswdd 8 2783daemon at system boot time. 2784.It Va nis_yppasswdd_flags 2785.Pq Vt str 2786If 2787.Va nis_yppasswdd_enable 2788is set to 2789.Dq Li YES , 2790these are the flags to pass to the 2791.Xr rpc.yppasswdd 8 2792daemon. 2793.It Va rpc_ypupdated_enable 2794.Pq Vt bool 2795If set to 2796.Dq Li YES , 2797run the 2798.Nm rpc.ypupdated 2799daemon at system boot time. 2800.It Va bsnmpd_enable 2801.Pq Vt bool 2802If set to 2803.Dq Li YES , 2804run the 2805.Xr bsnmpd 1 2806daemon at system boot time. 2807Be sure to understand the security implications of running SNMP daemon 2808on your host. 2809.It Va bsnmpd_flags 2810.Pq Vt str 2811If 2812.Va bsnmpd_enable 2813is set to 2814.Dq Li YES , 2815these are the flags to pass to the 2816.Xr bsnmpd 1 2817daemon. 2818.It Va defaultrouter 2819.Pq Vt str 2820If not set to 2821.Dq Li NO , 2822create a default route to this host name or IP address 2823(use an IP address if this router is also required to get to the 2824name server!). 2825.It Va defaultrouter_fibN 2826.Pq Vt str 2827If not set to 2828.Dq Li NO , 2829create a default route in FIB N to this host name or IP address. 2830.It Va ipv6_defaultrouter 2831.Pq Vt str 2832The IPv6 equivalent of 2833.Va defaultrouter . 2834.It Va ipv6_defaultrouter_fibN 2835.Pq Vt str 2836The IPv6 equivalent of 2837.Va defaultrouter_fibN . 2838.It Va static_arp_pairs 2839.Pq Vt str 2840Set to the list of static ARP pairs that are to be added at system 2841boot time. 2842For each whitespace separated 2843.Ar element 2844in the value, a 2845.Va static_arp_ Ns Aq Ar element 2846variable is assumed to exist whose contents will later be passed to a 2847.Dq Nm arp Cm -S 2848operation. 2849For example 2850.Bd -literal 2851static_arp_pairs="gw" 2852static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2853.Ed 2854.It Va static_ndp_pairs 2855.Pq Vt str 2856Set to the list of static NDP pairs that are to be added at system 2857boot time. 2858For each whitespace separated 2859.Ar element 2860in the value, a 2861.Va static_ndp_ Ns Aq Ar element 2862variable is assumed to exist whose contents will later be passed to a 2863.Dq Nm ndp Cm -s 2864operation. 2865For example 2866.Bd -literal 2867static_ndp_pairs="gw" 2868static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2869.Ed 2870.It Va static_routes 2871.Pq Vt str 2872Set to the list of static routes that are to be added at system 2873boot time. 2874If not set to 2875.Dq Li NO 2876then for each whitespace separated 2877.Ar element 2878in the value, a 2879.Va route_ Ns Aq Ar element 2880variable is assumed to exist 2881whose contents will later be passed to a 2882.Dq Nm route Cm add 2883operation. 2884For example: 2885.Bd -literal 2886static_routes="ext mcast:gif0 gif0local:gif0" 2887route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2888route_mcast="-net 224.0.0.0/4 -iface gif0" 2889route_gif0local="-host 169.254.1.1 -iface lo0" 2890.Ed 2891.Pp 2892When an 2893.Ar element 2894is in the form of 2895.Li name:ifname , 2896the route is specific to the interface 2897.Li ifname . 2898.It Va ipv6_static_routes 2899.Pq Vt str 2900The IPv6 equivalent of 2901.Va static_routes . 2902If not set to 2903.Dq Li NO 2904then for each whitespace separated 2905.Ar element 2906in the value, a 2907.Va ipv6_route_ Ns Aq Ar element 2908variable is assumed to exist 2909whose contents will later be passed to a 2910.Dq Nm route Cm add Fl inet6 2911operation. 2912.It Va gateway_enable 2913.Pq Vt bool 2914If set to 2915.Dq Li YES , 2916configure host to act as an IP router, e.g.\& to forward packets 2917between interfaces. 2918.It Va ipv6_gateway_enable 2919.Pq Vt bool 2920The IPv6 equivalent of 2921.Va gateway_enable . 2922.It Va routed_enable 2923.Pq Vt bool 2924If set to 2925.Dq Li YES , 2926run a routing daemon of some sort, based on the 2927settings of 2928.Va routed_program 2929and 2930.Va routed_flags . 2931.It Va route6d_enable 2932.Pq Vt bool 2933The IPv6 equivalent of 2934.Va routed_enable . 2935If set to 2936.Dq Li YES , 2937run a routing daemon of some sort, based on the 2938settings of 2939.Va route6d_program 2940and 2941.Va route6d_flags . 2942.It Va routed_program 2943.Pq Vt str 2944If 2945.Va routed_enable 2946is set to 2947.Dq Li YES , 2948this is the name of the routing daemon to use. 2949.It Va route6d_program 2950.Pq Vt str 2951The IPv6 equivalent of 2952.Va routed_program . 2953.It Va routed_flags 2954.Pq Vt str 2955If 2956.Va routed_enable 2957is set to 2958.Dq Li YES , 2959these are the flags to pass to the routing daemon. 2960.It Va route6d_flags 2961.Pq Vt str 2962The IPv6 equivalent of 2963.Va routed_flags . 2964.It Va rtadvd_enable 2965.Pq Vt bool 2966If set to 2967.Dq Li YES , 2968run the 2969.Xr rtadvd 8 2970daemon at boot time. 2971The 2972.Xr rtadvd 8 2973utility sends ICMPv6 Router Advertisement messages to 2974the interfaces specified in 2975.Va rtadvd_interfaces . 2976This should only be enabled with great care. 2977You may want to fine-tune 2978.Xr rtadvd.conf 5 . 2979.It Va rtadvd_interfaces 2980.Pq Vt str 2981If 2982.Va rtadvd_enable 2983is set to 2984.Dq Li YES 2985this is the list of interfaces to use. 2986.It Va arpproxy_all 2987.Pq Vt bool 2988If set to 2989.Dq Li YES , 2990enable global proxy ARP. 2991.It Va forward_sourceroute 2992.Pq Vt bool 2993If set to 2994.Dq Li YES 2995and 2996.Va gateway_enable 2997is also set to 2998.Dq Li YES , 2999source-routed packets are forwarded. 3000.It Va accept_sourceroute 3001.Pq Vt bool 3002If set to 3003.Dq Li YES , 3004the system will accept source-routed packets directed at it. 3005.It Va rarpd_enable 3006.Pq Vt bool 3007If set to 3008.Dq Li YES , 3009run the 3010.Xr rarpd 8 3011daemon at system boot time. 3012.It Va rarpd_flags 3013.Pq Vt str 3014If 3015.Va rarpd_enable 3016is set to 3017.Dq Li YES , 3018these are the flags to pass to the 3019.Xr rarpd 8 3020daemon. 3021.It Va bootparamd_enable 3022.Pq Vt bool 3023If set to 3024.Dq Li YES , 3025run the 3026.Xr bootparamd 8 3027daemon at system boot time. 3028.It Va bootparamd_flags 3029.Pq Vt str 3030If 3031.Va bootparamd_enable 3032is set to 3033.Dq Li YES , 3034these are the flags to pass to the 3035.Xr bootparamd 8 3036daemon. 3037.It Va stf_interface_ipv4addr 3038.Pq Vt str 3039If not set to 3040.Dq Li NO , 3041this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3042interface). 3043Specify this entry to enable the 6to4 interface. 3044.It Va stf_interface_ipv4plen 3045.Pq Vt int 3046Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3047An effective value is 0-31. 3048.It Va stf_interface_ipv6_ifid 3049.Pq Vt str 3050IPv6 interface ID for 3051.Xr stf 4 . 3052This can be set to 3053.Dq Li AUTO . 3054.It Va stf_interface_ipv6_slaid 3055.Pq Vt str 3056IPv6 Site Level Aggregator for 3057.Xr stf 4 . 3058.It Va ipv6_ipv4mapping 3059.Pq Vt bool 3060If set to 3061.Dq Li YES 3062this enables IPv4 mapped IPv6 address communication (like 3063.Li ::ffff:a.b.c.d ) . 3064.It Va rtsold_enable 3065.Pq Vt bool 3066Set to 3067.Dq Li YES 3068to enable the 3069.Xr rtsold 8 3070daemon to send ICMPv6 Router Solicitation messages. 3071.It Va rtsold_flags 3072.Pq Vt str 3073If 3074.Va rtsold_enable 3075is set to 3076.Dq Li YES , 3077these are the flags to pass to 3078.Xr rtsold 8 . 3079.It Va rtsol_flags 3080.Pq Vt str 3081For interfaces configured with the 3082.Dq Li inet6 accept_rtadv 3083keyword, these are the flags to pass to 3084.Xr rtsol 8 . 3085.Pp 3086Note that 3087.Va rtsold_enable 3088is mutually exclusive to 3089.Va rtsol_flags ; 3090.Va rtsold_enable 3091takes precedence. 3092.It Va keybell 3093.Pq Vt str 3094The keyboard bell sound. 3095Set to 3096.Dq Li normal , 3097.Dq Li visual , 3098.Dq Li off , 3099or 3100.Dq Li NO 3101if the default behavior is desired. 3102For details, refer to the 3103.Xr kbdcontrol 1 3104manpage. 3105.It Va keyboard 3106.Pq Vt str 3107If set to a non-null string, the virtual console's keyboard input is 3108set to this device. 3109.It Va keymap 3110.Pq Vt str 3111If set to 3112.Dq Li NO , 3113no keymap is installed, otherwise the value is used to install 3114the keymap file found in 3115.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3116(if using 3117.Xr syscons 4 ) or 3118.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3119(if using 3120.Xr vt 4 ) . 3121.It Va keyrate 3122.Pq Vt str 3123The keyboard repeat speed. 3124Set to 3125.Dq Li slow , 3126.Dq Li normal , 3127.Dq Li fast , 3128or 3129.Dq Li NO 3130if the default behavior is desired. 3131.It Va keychange 3132.Pq Vt str 3133If not set to 3134.Dq Li NO , 3135attempt to program the function keys with the value. 3136The value should 3137be a single string of the form: 3138.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3139.It Va cursor 3140.Pq Vt str 3141Can be set to the value of 3142.Dq Li normal , 3143.Dq Li blink , 3144.Dq Li destructive , 3145or 3146.Dq Li NO 3147to set the cursor behavior explicitly or choose the default behavior. 3148.It Va scrnmap 3149.Pq Vt str 3150If set to 3151.Dq Li NO , 3152no screen map is installed, otherwise the value is used to install 3153the screen map file in 3154.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3155This parameter is ignored when using 3156.Xr vt 4 3157as the console driver. 3158.It Va font8x16 3159.Pq Vt str 3160If set to 3161.Dq Li NO , 3162the default 8x16 font value is used for screen size requests, otherwise 3163the value in 3164.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3165or 3166.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3167is used (depending on the console driver being used). 3168.It Va font8x14 3169.Pq Vt str 3170If set to 3171.Dq Li NO , 3172the default 8x14 font value is used for screen size requests, otherwise 3173the value in 3174.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3175or 3176.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3177is used (depending on the console driver being used). 3178.It Va font8x8 3179.Pq Vt str 3180If set to 3181.Dq Li NO , 3182the default 8x8 font value is used for screen size requests, otherwise 3183the value in 3184.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3185or 3186.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3187is used (depending on the console driver being used). 3188.It Va blanktime 3189.Pq Vt int 3190If set to 3191.Dq Li NO , 3192the default screen blanking interval is used, otherwise it is set 3193to 3194.Ar value 3195seconds. 3196.It Va saver 3197.Pq Vt str 3198If not set to 3199.Dq Li NO , 3200this is the actual screen saver to use 3201.Li ( blank , snake , daemon , 3202etc). 3203.It Va moused_nondefault_enable 3204.Pq Vt str 3205If set to 3206.Dq Li NO , 3207the mouse device specified on 3208the command line is not automatically treated as enabled by the 3209.Pa /etc/rc.d/moused 3210script. 3211Having this variable set to 3212.Dq Li YES 3213allows a 3214.Xr usb 4 3215mouse, 3216for example, 3217to be enabled as soon as it is plugged in. 3218.It Va moused_enable 3219.Pq Vt str 3220If set to 3221.Dq Li YES , 3222the 3223.Xr moused 8 3224daemon is started for doing cut/paste selection on the console. 3225.It Va moused_type 3226.Pq Vt str 3227This is the protocol type of the mouse connected to this host. 3228This variable must be set if 3229.Va moused_enable 3230is set to 3231.Dq Li YES . 3232The 3233.Xr moused 8 3234daemon 3235is able to detect the appropriate mouse type automatically in many cases. 3236Set this variable to 3237.Dq Li auto 3238to let the daemon detect it, or 3239select one from the following list if the automatic detection fails. 3240.Pp 3241If the mouse is attached to the PS/2 mouse port, choose 3242.Dq Li auto 3243or 3244.Dq Li ps/2 , 3245regardless of the brand and model of the mouse. 3246Likewise, if the 3247mouse is attached to the bus mouse port, choose 3248.Dq Li auto 3249or 3250.Dq Li busmouse . 3251All other protocols are for serial mice and will not work with 3252the PS/2 and bus mice. 3253If this is a USB mouse, 3254.Dq Li auto 3255is the only protocol type which will work. 3256.Pp 3257.Bl -tag -width ".Li x10mouseremote" -compact 3258.It Li microsoft 3259Microsoft mouse (serial) 3260.It Li intellimouse 3261Microsoft IntelliMouse (serial) 3262.It Li mousesystems 3263Mouse systems Corp.\& mouse (serial) 3264.It Li mmseries 3265MM Series mouse (serial) 3266.It Li logitech 3267Logitech mouse (serial) 3268.It Li busmouse 3269A bus mouse 3270.It Li mouseman 3271Logitech MouseMan and TrackMan (serial) 3272.It Li glidepoint 3273ALPS GlidePoint (serial) 3274.It Li thinkingmouse 3275Kensington ThinkingMouse (serial) 3276.It Li ps/2 3277PS/2 mouse 3278.It Li mmhittab 3279MM HitTablet (serial) 3280.It Li x10mouseremote 3281X10 MouseRemote (serial) 3282.It Li versapad 3283Interlink VersaPad (serial) 3284.El 3285.Pp 3286Even if the mouse is not in the above list, it may be compatible 3287with one in the list. 3288Refer to the manual page for 3289.Xr moused 8 3290for compatibility information. 3291.Pp 3292It should also be noted that while this is enabled, any 3293other client of the mouse (such as an X server) should access 3294the mouse through the virtual mouse device, 3295.Pa /dev/sysmouse , 3296and configure it as a 3297.Dq Li sysmouse 3298type mouse, since all 3299mouse data is converted to this single canonical format when 3300using 3301.Xr moused 8 . 3302If the client program does not support the 3303.Dq Li sysmouse 3304type, 3305specify the 3306.Dq Li mousesystems 3307type. 3308It is the second preferred type. 3309.It Va moused_port 3310.Pq Vt str 3311If 3312.Va moused_enable 3313is set to 3314.Dq Li YES , 3315this is the actual port the mouse is on. 3316It might be 3317.Pa /dev/cuau0 3318for a COM1 serial mouse, or 3319.Pa /dev/psm0 3320for a PS/2 mouse, for example. 3321.It Va moused_flags 3322.Pq Vt str 3323If 3324.Va moused_flags 3325is set, its value is used as an additional set of flags to pass to the 3326.Xr moused 8 3327daemon. 3328.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3329When 3330.Va moused_nondefault_enable 3331is enabled, and a 3332.Xr moused 8 3333daemon is started for a non-default port, the 3334.Va "moused_" Ns Ar XXX Ns Va "_flags" 3335set of options has precedence over and replaces the default 3336.Va moused_flags 3337(where 3338.Ar XXX 3339is the name of the non-default port, i.e.,\& 3340.Ar ums0 ) . 3341By setting 3342.Va "moused_" Ns Ar XXX Ns Va "_flags" 3343it is possible to set up a different set of default flags for each 3344.Xr moused 8 3345instance. 3346For example, you can use 3347.Dq Li "-3" 3348for the default 3349.Va moused_flags 3350to make your laptop's touchpad more comfortable to use, 3351but an empty set of options for 3352.Va moused_ums0_flags 3353when your 3354.Xr usb 4 3355mouse has three or more buttons. 3356.It Va mousechar_start 3357.Pq Vt int 3358If set to 3359.Dq Li NO , 3360the default mouse cursor character range 3361.Li 0xd0 Ns - Ns Li 0xd3 3362is used, 3363otherwise the range start is set 3364to 3365.Ar value 3366character, see 3367.Xr vidcontrol 1 . 3368Use if the default range is occupied in the language code table. 3369.It Va allscreens_flags 3370.Pq Vt str 3371If set, 3372.Xr vidcontrol 1 3373is run with these options for each of the virtual terminals 3374.Pq Pa /dev/ttyv* . 3375For example, 3376.Dq Fl m Cm on 3377will enable the mouse pointer on all virtual terminals 3378if 3379.Va moused_enable 3380is set to 3381.Dq Li YES . 3382.It Va allscreens_kbdflags 3383.Pq Vt str 3384If set, 3385.Xr kbdcontrol 1 3386is run with these options for each of the virtual terminals 3387.Pq Pa /dev/ttyv* . 3388For example, 3389.Dq Fl h Li 200 3390will set the 3391.Xr syscons 4 3392or 3393.Xr vt 4 3394scrollback (history) buffer to 200 lines. 3395.It Va cron_enable 3396.Pq Vt bool 3397If set to 3398.Dq Li YES , 3399run the 3400.Xr cron 8 3401daemon at system boot time. 3402.It Va cron_program 3403.Pq Vt str 3404Path to 3405.Xr cron 8 3406(default 3407.Pa /usr/sbin/cron ) . 3408.It Va cron_flags 3409.Pq Vt str 3410If 3411.Va cron_enable 3412is set to 3413.Dq Li YES , 3414these are the flags to pass to 3415.Xr cron 8 . 3416.It Va cron_dst 3417.Pq Vt bool 3418If set to 3419.Dq Li YES , 3420enable the special handling of transitions to and from the 3421Daylight Saving Time in 3422.Xr cron 8 3423(equivalent to using the flag 3424.Fl s ) . 3425.It Va lpd_program 3426.Pq Vt str 3427Path to 3428.Xr lpd 8 3429(default 3430.Pa /usr/sbin/lpd ) . 3431.It Va lpd_enable 3432.Pq Vt bool 3433If set to 3434.Dq Li YES , 3435run the 3436.Xr lpd 8 3437daemon at system boot time. 3438.It Va lpd_flags 3439.Pq Vt str 3440If 3441.Va lpd_enable 3442is set to 3443.Dq Li YES , 3444these are the flags to pass to the 3445.Xr lpd 8 3446daemon. 3447.It Va chkprintcap_enable 3448.Pq Vt bool 3449If set to 3450.Dq Li YES , 3451run the 3452.Xr chkprintcap 8 3453command before starting the 3454.Xr lpd 8 3455daemon. 3456.It Va chkprintcap_flags 3457.Pq Vt str 3458If 3459.Va lpd_enable 3460and 3461.Va chkprintcap_enable 3462are set to 3463.Dq Li YES , 3464these are the flags to pass to the 3465.Xr chkprintcap 8 3466program. 3467The default is 3468.Dq Li -d , 3469which causes missing directories to be created. 3470.It Va mta_start_script 3471.Pq Vt str 3472This variable specifies the full path to the script to run to start 3473a mail transfer agent. 3474The default is 3475.Pa /etc/rc.sendmail . 3476The 3477.Va sendmail_* 3478variables which 3479.Pa /etc/rc.sendmail 3480uses are documented in the 3481.Xr rc.sendmail 8 3482manual page. 3483.It Va dumpdev 3484.Pq Vt str 3485Indicates the device (usually a swap partition) to which a crash dump 3486should be written in the event of a system crash. 3487If the value of this variable is 3488.Dq Li AUTO , 3489the first suitable swap device listed in 3490.Pa /etc/fstab 3491will be used as dump device. 3492Otherwise, the value of this variable is passed as the argument to 3493.Xr dumpon 8 3494and 3495.Xr savecore 8 . 3496To disable crash dumps, set this variable to 3497.Dq Li NO . 3498.It Va dumpon_flags 3499.Pq Vt str 3500Flags to pass to 3501.Xr dumpon 8 3502when configuring 3503.Va dumpdev 3504as the system dump device. 3505.It Va dumpdir 3506.Pq Vt str 3507When the system reboots after a crash and a crash dump is found on the 3508device specified by the 3509.Va dumpdev 3510variable, 3511.Xr savecore 8 3512will save that crash dump and a copy of the kernel to the directory 3513specified by the 3514.Va dumpdir 3515variable. 3516The default value is 3517.Pa /var/crash . 3518Set to 3519.Dq Li NO 3520to not run 3521.Xr savecore 8 3522at boot time when 3523.Va dumpdir 3524is set. 3525.It Va savecore_enable 3526.Pq Vt bool 3527If set to 3528.Dq Li NO , 3529disable automatic extraction of the crash dump from the 3530.Va dumpdev . 3531.It Va savecore_flags 3532.Pq Vt str 3533If crash dumps are enabled, these are the flags to pass to the 3534.Xr savecore 8 3535utility. 3536.It Va quota_enable 3537.Pq Vt bool 3538Set to 3539.Dq Li YES 3540to turn on user and group disk quotas on system startup via the 3541.Xr quotaon 8 3542command for all file systems marked as having quotas enabled in 3543.Pa /etc/fstab . 3544The kernel must be built with 3545.Cd "options QUOTA" 3546for disk quotas to function. 3547.It Va check_quotas 3548.Pq Vt bool 3549Set to 3550.Dq Li YES 3551to enable user and group disk quota checking via the 3552.Xr quotacheck 8 3553command. 3554.It Va quotacheck_flags 3555.Pq Vt str 3556If 3557.Va quota_enable 3558is set to 3559.Dq Li YES , 3560and 3561.Va check_quotas 3562is set to 3563.Dq Li YES , 3564these are the flags to pass to the 3565.Xr quotacheck 8 3566utility. 3567The default is 3568.Dq Li "-a" , 3569which checks quotas for all file systems with quotas enabled in 3570.Pa /etc/fstab . 3571.It Va quotaon_flags 3572.Pq Vt str 3573If 3574.Va quota_enable 3575is set to 3576.Dq Li YES , 3577these are the flags to pass to the 3578.Xr quotaon 8 3579utility. 3580The default is 3581.Dq Li "-a" , 3582which enables quotas for all file systems with quotas enabled in 3583.Pa /etc/fstab . 3584.It Va quotaoff_flags 3585.Pq Vt str 3586If 3587.Va quota_enable 3588is set to 3589.Dq Li YES , 3590these are the flags to pass to the 3591.Xr quotaoff 8 3592utility when shutting down the quota system. 3593The default is 3594.Dq Li "-a" , 3595which disables quotas for all file systems with quotas enabled in 3596.Pa /etc/fstab . 3597.It Va accounting_enable 3598.Pq Vt bool 3599Set to 3600.Dq Li YES 3601to enable system accounting through the 3602.Xr accton 8 3603facility. 3604.It Va firstboot_sentinel 3605.Pq Vt str 3606This variable specifies the full path to a 3607.Dq first boot 3608sentinel file. 3609If a file exists with this path, 3610.Pa rc.d 3611scripts with the 3612.Dq firstboot 3613keyword will be run on startup and the sentinel file will be deleted 3614after the boot process completes. 3615The sentinel file must be located on a writable file system which is 3616mounted no later than 3617.Va early_late_divider 3618to function properly. 3619The default is 3620.Pa /firstboot . 3621.It Va linux_enable 3622.Pq Vt bool 3623Set to 3624.Dq Li YES 3625to enable Linux/ELF binary emulation at system initial 3626boot time. 3627.It Va sysvipc_enable 3628.Pq Vt bool 3629If set to 3630.Dq Li YES , 3631load System V IPC primitives at boot time. 3632.It Va clear_tmp_enable 3633.Pq Vt bool 3634Set to 3635.Dq Li YES 3636to have 3637.Pa /tmp 3638cleaned at startup. 3639.It Va clear_tmp_X 3640.Pq Vt bool 3641Set to 3642.Dq Li NO 3643to disable removing of X11 lock files, 3644and the removal and (secure) recreation 3645of the various socket directories for X11 3646related programs. 3647.It Va ldconfig_paths 3648.Pq Vt str 3649Set to the list of shared library paths to use with 3650.Xr ldconfig 8 . 3651NOTE: 3652.Pa /lib 3653and 3654.Pa /usr/lib 3655will always be added first, so they need not appear in this list. 3656.It Va ldconfig32_paths 3657.Pq Vt str 3658Set to the list of 32-bit compatibility shared library paths to 3659use with 3660.Xr ldconfig 8 . 3661.It Va ldconfig_insecure 3662.Pq Vt bool 3663The 3664.Xr ldconfig 8 3665utility normally refuses to use directories 3666which are writable by anyone except root. 3667Set this variable to 3668.Dq Li YES 3669to disable that security check during system startup. 3670.It Va ldconfig_local_dirs 3671.Pq Vt str 3672Set to the list of local 3673.Xr ldconfig 8 3674directories. 3675The names of all files in the directories listed will be 3676passed as arguments to 3677.Xr ldconfig 8 . 3678.It Va ldconfig_local32_dirs 3679.Pq Vt str 3680Set to the list of local 32-bit compatibility 3681.Xr ldconfig 8 3682directories. 3683The names of all files in the directories listed will be 3684passed as arguments to 3685.Dq Nm ldconfig Fl 32 . 3686.It Va kern_securelevel_enable 3687.Pq Vt bool 3688Set to 3689.Dq Li YES 3690to set the kernel security level at system startup. 3691.It Va kern_securelevel 3692.Pq Vt int 3693The kernel security level to set at startup. 3694The allowed range of 3695.Ar value 3696ranges from \-1 (the compile time default) to 3 (the 3697most secure). 3698See 3699.Xr security 7 3700for the list of possible security levels and their effect 3701on system operation. 3702.It Va sshd_program 3703.Pq Vt str 3704Path to the SSH server program 3705.Pa ( /usr/sbin/sshd 3706is the default). 3707.It Va sshd_enable 3708.Pq Vt bool 3709Set to 3710.Dq Li YES 3711to start 3712.Xr sshd 8 3713at system boot time. 3714.It Va sshd_flags 3715.Pq Vt str 3716If 3717.Va sshd_enable 3718is set to 3719.Dq Li YES , 3720these are the flags to pass to the 3721.Xr sshd 8 3722daemon. 3723.It Va ftpd_program 3724.Pq Vt str 3725Path to the FTP server program 3726.Pa ( /usr/libexec/ftpd 3727is the default). 3728.It Va ftpd_enable 3729.Pq Vt bool 3730Set to 3731.Dq Li YES 3732to start 3733.Xr ftpd 8 3734as a stand-alone daemon at system boot time. 3735.It Va ftpd_flags 3736.Pq Vt str 3737If 3738.Va ftpd_enable 3739is set to 3740.Dq Li YES , 3741these are the additional flags to pass to the 3742.Xr ftpd 8 3743daemon. 3744.It Va watchdogd_enable 3745.Pq Vt bool 3746If set to 3747.Dq Li YES , 3748start the 3749.Xr watchdogd 8 3750daemon at boot time. 3751This requires that the kernel have been compiled with a 3752.Xr watchdog 4 3753compatible device. 3754.It Va watchdogd_flags 3755.Pq Vt str 3756If 3757.Va watchdogd_enable 3758is set to 3759.Dq Li YES , 3760these are the flags passed to the 3761.Xr watchdogd 8 3762daemon. 3763.It Va watchdogd_timeout 3764.Pq Vt int 3765If 3766.Va watchdogd_enable 3767is set to 3768.Dq Li YES , 3769this is a timeout that will be used by the 3770.Xr watchdogd 8 3771daemon. 3772If this option is set, it overrides 3773.Fl t 3774in 3775.Va watchdogd_flags . 3776.It Va watchdogd_shutdown_timeout 3777.Pq Vt int 3778If 3779.Va watchdogd_enable 3780is set to 3781.Dq Li YES , 3782this is a timeout that will be set by the 3783.Xr watchdogd 8 3784daemon when it exits during the system shutdown. 3785This timeout will not be set when returning to the single-user mode 3786or when the watchdogd service is stopped individually using the 3787.Xr service 8 3788command or the rc.d script. 3789Note that the timeout will be applied if 3790.Xr watchdogd 8 3791is stopped outside of 3792.Xr rc 8 3793framework. 3794If this option is set, it overrides 3795.Fl x 3796in 3797.Va watchdogd_flags . 3798.It Va devfs_rulesets 3799.Pq Vt str 3800List of files containing sets of rules for 3801.Xr devfs 8 . 3802.It Va devfs_system_ruleset 3803.Pq Vt str 3804Rule name(s) to apply to the system 3805.Pa /dev 3806itself. 3807.It Va devfs_set_rulesets 3808.Pq Vt str 3809Pairs of already-mounted 3810.Pa dev 3811directories and rulesets that should be applied to them. 3812For example: /mount/dev=ruleset_name 3813.It Va devfs_load_rulesets 3814.Pq Vt bool 3815If set, always load the default rulesets listed in 3816.Va devfs_rulesets . 3817.It Va performance_cx_lowest 3818.Pq Vt str 3819CPU idle state to use while on AC power. 3820The string 3821.Dq Li LOW 3822indicates that 3823.Xr acpi 4 3824should use the lowest power state available while 3825.Dq Li HIGH 3826indicates that the lowest latency state (less power savings) should be used. 3827.It Va performance_cpu_freq 3828.Pq Vt str 3829CPU clock frequency to use while on AC power. 3830The string 3831.Dq Li LOW 3832indicates that 3833.Xr cpufreq 4 3834should use the lowest frequency available while 3835.Dq Li HIGH 3836indicates that the highest frequency (less power savings) should be used. 3837.It Va economy_cx_lowest 3838.Pq Vt str 3839CPU idle state to use when off AC power. 3840The string 3841.Dq Li LOW 3842indicates that 3843.Xr acpi 4 3844should use the lowest power state available while 3845.Dq Li HIGH 3846indicates that the lowest latency state (less power savings) should be used. 3847.It Va economy_cpu_freq 3848.Pq Vt str 3849CPU clock frequency to use when off AC power. 3850The string 3851.Dq Li LOW 3852indicates that 3853.Xr cpufreq 4 3854should use the lowest frequency available while 3855.Dq Li HIGH 3856indicates that the highest frequency (less power savings) should be used. 3857.It Va jail_enable 3858.Pq Vt bool 3859If set to 3860.Dq Li NO , 3861any configured jails will not be started. 3862.It Va jail_conf 3863.Pq Vt str 3864The configuration filename used by 3865.Xr jail 8 3866utility. 3867The default value is 3868.Pa /etc/jail.conf . 3869.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3870and 3871.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3872will also be used if 3873.Va Ao Ar jname Ac Va 3874is set in 3875.Va jail_list . 3876.It Va jail_parallel_start 3877.Pq Vt bool 3878If set to 3879.Dq Li YES , 3880all configured jails will be started in the background (in parallel). 3881.It Va jail_flags 3882.Pq Vt str 3883Unset by default. 3884When set, use as default value for 3885.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3886for every jail in 3887.Va jail_list . 3888.It Va jail_list 3889.Pq Vt str 3890A space-delimited list of jail names. 3891When left empty, all of the 3892.Xr jail 8 3893instances defined in the configuration file are started. 3894The names specified in this list control the jail startup order. 3895.Xr jail 8 3896instances missing from 3897.Va jail_list 3898must be started manually. 3899Note that a jail's 3900.Va depend 3901parameter in the configuration file may override this list. 3902.It Va jail_reverse_stop 3903.Pq Vt bool 3904When set to 3905.Dq Li YES , 3906all configured jails in 3907.Va jail_list 3908are stopped in reverse order. 3909.It Va jail_ Ns * variables 3910Note that older releases supported per-jail configuration via 3911.Nm 3912variables. 3913For example, 3914hostname of a jail named 3915.Li vjail 3916was able to be set by 3917.Li jail_vjail_hostname . 3918These per-jail configuration variables are now obsolete in favor of 3919.Xr jail 8 3920configuration file. 3921For backward compatibility, 3922when per-jail configuration variables are defined, 3923.Xr jail 8 3924configuration files are created as 3925.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3926and used. 3927.Pp 3928The following per-jail parameters are handled by 3929.Pa rc.d/jail 3930script out of their corresponding 3931.Nm 3932variables. 3933In addition to them, parameters in 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3935will be added to the configuration file. 3936They must be a semi-colon 3937.Pq Ql \&; 3938delimited list of 3939.Dq key=value . 3940For more details, 3941see 3942.Xr jail 8 3943manual page. 3944.Bl -tag -width "host.hostname" -offset indent 3945.It Li path 3946set from 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3948.It Li host.hostname 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3951.It Li exec.consolelog 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3954The default value is 3955.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3956.It Li interface 3957set from 3958.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3959.It Li vnet.interface 3960set from 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3962This implies 3963.Li vnet 3964parameter will be enabled and cannot be specified with 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3966.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3967and/or 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3969at the same time. 3970.It Li fstab 3971set from 3972.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3973.It Li mount 3974set from 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3976.It Li exec.fib 3977set from 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3979.It Li exec.start 3980set from 3981.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3982The parameter name was 3983.Li command 3984in some older releases. 3985.It Li exec.prestart 3986set from 3987.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3988.It Li exec.poststart 3989set from 3990.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3991.It Li exec.stop 3992set from 3993.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3994.It Li exec.prestop 3995set from 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3997.It Li exec.poststop 3998set from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4000.It Li ip4.addr 4001set if 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4003or 4004.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4005contain IPv4 addresses 4006.It Li ip6.addr 4007set if 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4009or 4010.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4011contain IPv6 addresses 4012.It Li allow.mount 4013set from 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4015.It Li mount.devfs 4016set from 4017.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4018.It Li devfs_ruleset 4019set from 4020.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4021This must be an integer, 4022not a string. 4023.It Li mount.fdescfs 4024set from 4025.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4026.It Li allow.set_hostname 4027set from 4028.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4029.It Li allow.rawsocket 4030set from 4031.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4032.It Li allow.sysvipc 4033set from 4034.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4035.El 4036.\" ----------------------------------------------------- 4037.It Va harvest_mask 4038.Pq Vt int 4039Set to a bit-mask 4040representing the entropy sources 4041you wish to harvest. 4042Refer to 4043.Xr random 4 4044for more information. 4045.It Va entropy_dir 4046.Pq Vt str 4047Set to 4048.Dq Li NO 4049to disable caching entropy via 4050.Xr cron 8 . 4051Otherwise set to the directory 4052in which the entropy files are stored. 4053To be useful, 4054there must be 4055a system cron job 4056that regularly writes and rotates 4057files here. 4058All files found 4059will be used at boot time. 4060The default is 4061.Pa /var/db/entropy . 4062.It Va entropy_file 4063.Pq Vt str 4064Set to 4065.Dq Li NO 4066to disable caching entropy through reboots. 4067Otherwise set to the name 4068of a file used to store cached entropy. 4069This file should be located 4070on a file system that is readable 4071before all the volumes specified in 4072.Xr fstab 5 4073are mounted. 4074By default, 4075.Pa /entropy 4076is used, 4077but if 4078.Pa /var/db/entropy-file 4079is found it will also be used. 4080This will be of some use to 4081.Xr bsdinstall 8 . 4082.It Va entropy_boot_file 4083.Pq Vt str 4084Set to 4085.Dq Li NO 4086to disable 4087very early caching entropy 4088through reboots. 4089Otherwise set to the filename 4090used to read 4091very early reboot cached entropy. 4092This file should be located where 4093.Xr loader 8 4094can read it. 4095See also 4096.Xr loader.conf 5 . 4097The default location is 4098.Pa /boot/entropy . 4099.It Va entropy_save_sz 4100.Pq Vt int 4101Size of the entropy cache files saved by 4102.Nm save-entropy 4103periodically. 4104.It Va entropy_save_num 4105.Pq Vt int 4106Number of entropy cache files to save by 4107.Nm save-entropy 4108periodically. 4109.It Va ipsec_enable 4110.Pq Vt bool 4111Set to 4112.Dq Li YES 4113to run 4114.Xr setkey 8 4115on 4116.Va ipsec_file 4117at boot time. 4118.It Va ipsec_file 4119.Pq Vt str 4120Configuration file for 4121.Xr setkey 8 . 4122.It Va dmesg_enable 4123.Pq Vt bool 4124Set to 4125.Dq Li YES 4126to save 4127.Xr dmesg 8 4128to 4129.Pa /var/run/dmesg.boot 4130on boot. 4131.It Va rcshutdown_timeout 4132.Pq Vt int 4133If set, start a watchdog timer in the background which will terminate 4134.Pa rc.shutdown 4135if 4136.Xr shutdown 8 4137has not completed within the specified time (in seconds). 4138Notice that in addition to this soft timeout, 4139.Xr init 8 4140also applies a hard timeout for the execution of 4141.Pa rc.shutdown . 4142This is configured via 4143.Xr sysctl 8 4144variable 4145.Va kern.init_shutdown_timeout 4146and defaults to 120 seconds. 4147Setting the value of 4148.Va rcshutdown_timeout 4149to more than 120 seconds will have no effect until the 4150.Xr sysctl 8 4151variable 4152.Va kern.init_shutdown_timeout 4153is also increased. 4154.It Va virecover_enable 4155.Pq Vt bool 4156Set to 4157.Dq Li NO 4158to prevent the system from trying to 4159recover pre-maturely terminated 4160.Xr vi 1 4161sessions. 4162.It Va ugidfw_enable 4163.Pq Vt bool 4164Set to 4165.Dq Li YES 4166to load the 4167.Xr mac_bsdextended 4 4168module upon system initialization and load a default 4169ruleset file. 4170.It Va bsdextended_script 4171.Pq Vt str 4172The default 4173.Xr mac_bsdextended 4 4174ruleset file to load. 4175The default value of this variable is 4176.Pa /etc/rc.bsdextended . 4177.It Va newsyslog_enable 4178.Pq Vt bool 4179If set to 4180.Dq Li YES , 4181run 4182.Xr newsyslog 8 4183command at startup. 4184.It Va newsyslog_flags 4185.Pq Vt str 4186If 4187.Va newsyslog_enable 4188is set to 4189.Dq Li YES , 4190these are the flags to pass to the 4191.Xr newsyslog 8 4192program. 4193The default is 4194.Dq Li -CN , 4195which causes log files flagged with a 4196.Cm C 4197to be created. 4198.It Va mdconfig_md Ns Aq Ar X 4199.Pq Vt str 4200Arguments to 4201.Xr mdconfig 8 4202for 4203.Xr md 4 4204device 4205.Ar X . 4206At minimum a 4207.Fl t Ar type 4208must be specified and either a 4209.Fl s Ar size 4210for malloc or swap backed 4211.Xr md 4 4212devices or a 4213.Fl f Ar file 4214for vnode backed 4215.Xr md 4 4216devices. 4217Note that 4218.Va mdconfig_md Ns Aq Ar X 4219variables are evaluated until one variable is unset or null. 4220.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4221.Pq Vt str 4222Optional arguments passed to 4223.Xr newfs 8 4224to initialize 4225.Xr md 4 4226device 4227.Ar X . 4228.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4229.Pq Vt str 4230An ownership specification passed to 4231.Xr chown 8 4232after the specified 4233.Xr md 4 4234device 4235.Ar X 4236has been mounted. 4237Both the 4238.Xr md 4 4239device and the mount point will be changed. 4240.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4241.Pq Vt str 4242A mode string passed to 4243.Xr chmod 1 4244after the specified 4245.Xr md 4 4246device 4247.Ar X 4248has been mounted. 4249Both the 4250.Xr md 4 4251device and the mount point will be changed. 4252.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4253.Pq Vt str 4254Files to be copied to the mount point of the 4255.Xr md 4 4256device 4257.Ar X 4258after it has been mounted. 4259.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4260.Pq Vt str 4261Command to execute after the specified 4262.Xr md 4 4263device 4264.Ar X 4265has been mounted. 4266Note that the command is passed to 4267.Ic eval 4268and that both 4269.Va _dev 4270and 4271.Va _mp 4272variables can be used to reference respectively the 4273.Xr md 4 4274device and the mount point. 4275Assuming that the 4276.Xr md 4 4277device is 4278.Li md0 , 4279one could set the following: 4280.Bd -literal 4281mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4282.Ed 4283.It Va autobridge_interfaces 4284.Pq Vt str 4285Set to the list of bridge interfaces that will have newly arriving interfaces 4286checked against to be automatically added. 4287If not set to 4288.Dq Li NO 4289then for each whitespace separated 4290.Ar element 4291in the value, a 4292.Va autobridge_ Ns Aq Ar element 4293variable is assumed to exist which has a whitespace separated list of interface 4294names to match, these names can use wildcards. 4295For example: 4296.Bd -literal 4297autobridge_interfaces="bridge0" 4298autobridge_bridge0="tap* dc0 vlan[345]" 4299.Ed 4300.It Va mixer_enable 4301.Pq Vt bool 4302If set to 4303.Dq Li YES , 4304enable support for sound mixer. 4305.It Va hcsecd_enable 4306.Pq Vt bool 4307If set to 4308.Dq Li YES , 4309enable Bluetooth security daemon. 4310.It Va hcsecd_config 4311.Pq Vt str 4312Configuration file for 4313.Xr hcsecd 8 . 4314Default 4315.Pa /etc/bluetooth/hcsecd.conf . 4316.It Va sdpd_enable 4317.Pq Vt bool 4318If set to 4319.Dq Li YES , 4320enable Bluetooth Service Discovery Protocol daemon. 4321.It Va sdpd_control 4322.Pq Vt str 4323Path to 4324.Xr sdpd 8 4325control socket. 4326Default 4327.Pa /var/run/sdp . 4328.It Va sdpd_groupname 4329.Pq Vt str 4330Sets 4331.Xr sdpd 8 4332group to run as after it initializes. 4333Default 4334.Dq Li nobody . 4335.It Va sdpd_username 4336.Pq Vt str 4337Sets 4338.Xr sdpd 8 4339user to run as after it initializes. 4340Default 4341.Dq Li nobody . 4342.It Va bthidd_enable 4343.Pq Vt bool 4344If set to 4345.Dq Li YES , 4346enable Bluetooth Human Interface Device daemon. 4347.It Va bthidd_config 4348.Pq Vt str 4349Configuration file for 4350.Xr bthidd 8 . 4351Default 4352.Pa /etc/bluetooth/bthidd.conf . 4353.It Va bthidd_hids 4354.Pq Vt str 4355Path to a file, where 4356.Xr bthidd 8 4357will store information about known HID devices. 4358Default 4359.Pa /var/db/bthidd.hids . 4360.It Va rfcomm_pppd_server_enable 4361.Pq Vt bool 4362If set to 4363.Dq Li YES , 4364enable Bluetooth RFCOMM PPP wrapper daemon. 4365.It Va rfcomm_pppd_server_profile 4366.Pq Vt str 4367The name of the profile to use from 4368.Pa /etc/ppp/ppp.conf . 4369Multiple profiles can be specified here. 4370Also used to specify per-profile overrides. 4371When the profile name contains any of the characters 4372.Dq Li .-/+ 4373they are translated to 4374.Dq Li _ 4375for the proposes of the override variable names. 4376.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4377.Pq Vt str 4378Overrides local address to listen on. 4379By default 4380.Xr rfcomm_pppd 8 4381will listen on 4382.Dq Li ANY 4383address. 4384The address can be specified as BD_ADDR or name. 4385.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4386.Pq Vt str 4387Overrides local RFCOMM channel to listen on. 4388By default 4389.Xr rfcomm_pppd 8 4390will listen on RFCOMM channel 1. 4391Must set properly if multiple profiles used in the same time. 4392.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4393.Pq Vt bool 4394Tells 4395.Xr rfcomm_pppd 8 4396if it should register Serial Port service on the specified RFCOMM channel. 4397Default 4398.Dq Li NO . 4399.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4400.Pq Vt bool 4401Tells 4402.Xr rfcomm_pppd 8 4403if it should register Dial-Up Networking service on the specified 4404RFCOMM channel. 4405Default 4406.Dq Li NO . 4407.It Va ubthidhci_enable 4408.Pq Vt bool 4409If set to 4410.Dq Li YES , 4411change the USB Bluetooth controller from HID mode to HCI mode. 4412You also need to specify the location of USB Bluetooth controller with the 4413.Va ubthidhci_busnum 4414and 4415.Va ubthidhci_addr 4416variables. 4417.It Va ubthidhci_busnum 4418Bus number where the USB Bluetooth controller is located. 4419Check the output of 4420.Xr usbconfig 8 4421on your system to find this information. 4422.It Va ubthidhci_addr 4423Bus address of the USB Bluetooth controller. 4424Check the output of 4425.Xr usbconfig 8 4426on your system to find this information. 4427.It Va netwait_enable 4428.Pq Vt bool 4429If set to 4430.Dq Li YES , 4431delays the start of network-reliant services until 4432.Va netwait_if 4433is up and ICMP packets to a destination defined in 4434.Va netwait_ip 4435are flowing. 4436Link state is examined first, followed by 4437.Dq Li pinging 4438an IP address to verify network usability. 4439If no destination can be reached or timeouts are exceeded, 4440network services are started anyway with no guarantee that 4441the network is usable. 4442Use of this variable requires both 4443.Va netwait_ip 4444and 4445.Va netwait_if 4446to be set. 4447.It Va netwait_ip 4448.Pq Vt str 4449Empty by default. 4450This variable contains a space-delimited list of IP addresses to 4451.Xr ping 8 . 4452DNS hostnames should not be used as resolution is not guaranteed 4453to be functional at this point. 4454If multiple IP addresses are specified, 4455each will be tried until one is successful or the list is exhausted. 4456.It Va netwait_timeout 4457.Pq Vt int 4458Indicates the total number of seconds to perform a 4459.Dq Li ping 4460against each IP address in 4461.Va netwait_ip , 4462at a rate of one ping per second. 4463If any of the pings are successful, 4464full network connectivity is considered reliable. 4465The default is 60. 4466.It Va netwait_if 4467.Pq Vt str 4468Empty by default. 4469Defines the name of the network interface on which watch for link. 4470.Xr ifconfig 8 4471is used to monitor the interface, looking for 4472.Dq Li status: no carrier . 4473Once gone, the link is considered up. 4474This can be a 4475.Xr vlan 4 4476interface if desired. 4477.It Va netwait_if_timeout 4478.Pq Vt int 4479Defines the total number of seconds to wait for link to become usable, 4480polled at a 1-second interval. 4481The default is 30. 4482.It Va rctl_enable 4483.Pq Vt bool 4484If set to 4485.Dq Li YES , 4486load 4487.Xr rctl 8 4488rules from the defined ruleset. 4489The kernel must be built with 4490.Cd "options RACCT" 4491and 4492.Cd "options RCTL" . 4493.It Va rctl_rules 4494.Pq Vt str 4495Set to 4496.Pa /etc/rctl.conf 4497by default. 4498This variables contains the 4499.Xr rctl.conf 5 4500ruleset to load for 4501.Xr rctl 8 . 4502.It Va iovctl_files 4503.Pq Vt str 4504A space-separated list of configuration files used by 4505.Xr iovctl 8 . 4506The default value is an empty string. 4507.It Va autofs_enable 4508.Pq Vt bool 4509If set to 4510.Dq Li YES , 4511start the 4512.Xr automount 8 4513utility and the 4514.Xr automountd 8 4515and 4516.Xr autounmountd 8 4517daemons at boot time. 4518.It Va automount_flags 4519.Pq Vt str 4520If 4521.Va autofs_enable 4522is set to 4523.Dq Li YES , 4524these are the flags to pass to the 4525.Xr automount 8 4526program. 4527By default no flags are passed. 4528.It Va automountd_flags 4529.Pq Vt str 4530If 4531.Va autofs_enable 4532is set to 4533.Dq Li YES , 4534these are the flags to pass to the 4535.Xr automountd 8 4536daemon. 4537By default no flags are passed. 4538.It Va autounmountd_flags 4539.Pq Vt str 4540If 4541.Va autofs_enable 4542is set to 4543.Dq Li YES , 4544these are the flags to pass to the 4545.Xr autounmountd 8 4546daemon. 4547By default no flags are passed. 4548.It Va ctld_enable 4549.Pq Vt bool 4550If set to 4551.Dq Li YES , 4552start the 4553.Xr ctld 8 4554daemon at boot time. 4555.It Va iscsid_enable 4556.Pq Vt bool 4557If set to 4558.Dq Li YES , 4559start the 4560.Xr iscsid 8 4561daemon at boot time. 4562.It Va iscsictl_enable 4563.Pq Vt bool 4564If set to 4565.Dq Li YES , 4566start the 4567.Xr iscsictl 8 4568utility at boot time. 4569.It Va iscsictl_flags 4570.Pq Vt str 4571If 4572.Va iscsictl_enable 4573is set to 4574.Dq Li YES , 4575these are the flags to pass to the 4576.Xr iscsictl 8 4577program. 4578The default is 4579.Dq Li -Aa , 4580which configures sessions based on the 4581.Pa /etc/iscsi.conf 4582configuration file. 4583.It Va cfumass_enable 4584.Pq Vt bool 4585If set to 4586.Dq Li YES , 4587create and export an USB LUN using 4588.Xr cfumass 4 4589at boot time. 4590.It Va cfumass_dir 4591.Pq Vt str 4592The directory where the files exported by USB LUN are located. 4593The default directory is 4594.Pa /var/cfumass . 4595.It Va service_delete_empty 4596.Pq Vt bool 4597If set to 4598.Dq Li YES , 4599.Ql Li service delete 4600removes empty 4601.Dq Li rc.conf.d 4602files. 4603.It Va zfs_bootonce_activate 4604.Pq Vt bool 4605If set to 4606.Dq Li YES , 4607and a boot environment marked bootonce is successfully booted, 4608it will be made permanently active. 4609.El 4610.Sh FILES 4611.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4612.It Pa /etc/defaults/rc.conf 4613.It Pa /etc/defaults/vendor.conf 4614.It Pa /etc/rc.conf 4615.It Pa /etc/rc.conf.local 4616.El 4617.Sh SEE ALSO 4618.Xr chmod 1 , 4619.Xr gdb 1 , 4620.Xr info 1 , 4621.Xr kbdcontrol 1 , 4622.Xr sh 1 , 4623.Xr vi 1 , 4624.Xr vidcontrol 1 , 4625.Xr bridge 4 , 4626.Xr dummynet 4 , 4627.Xr ip 4 , 4628.Xr ipf 4 , 4629.Xr ipfw 4 , 4630.Xr ipnat 4 , 4631.Xr kld 4 , 4632.Xr pf 4 , 4633.Xr pflog 4 , 4634.Xr pfsync 4 , 4635.Xr tcp 4 , 4636.Xr udp 4 , 4637.Xr exports 5 , 4638.Xr fstab 5 , 4639.Xr ipf 5 , 4640.Xr ipnat 5 , 4641.Xr jail.conf 5 , 4642.Xr loader.conf 5 , 4643.Xr motd 5 , 4644.Xr newsyslog.conf 5 , 4645.Xr pf.conf 5 , 4646.Xr firewall 7 , 4647.Xr growfs 7 , 4648.Xr security 7 , 4649.Xr tuning 7 , 4650.Xr accton 8 , 4651.Xr apm 8 , 4652.Xr bsdinstall 8 , 4653.Xr bthidd 8 , 4654.Xr chkprintcap 8 , 4655.Xr chown 8 , 4656.Xr cron 8 , 4657.Xr devfs 8 , 4658.Xr dhclient 8 , 4659.Xr ftpd 8 , 4660.Xr geli 8 , 4661.Xr hcsecd 8 , 4662.Xr ifconfig 8 , 4663.Xr inetd 8 , 4664.Xr iovctl 8 , 4665.Xr ipf 8 , 4666.Xr ipfw 8 , 4667.Xr ipnat 8 , 4668.Xr jail 8 , 4669.Xr kldxref 8 , 4670.Xr loader 8 , 4671.Xr lpd 8 , 4672.Xr makewhatis 8 , 4673.Xr mdconfig 8 , 4674.Xr mdmfs 8 , 4675.Xr mixer 8 , 4676.Xr mountd 8 , 4677.Xr moused 8 , 4678.Xr newfs 8 , 4679.Xr newsyslog 8 , 4680.Xr nfsd 8 , 4681.Xr ntpd 8 , 4682.Xr ntpdate 8 , 4683.Xr pfctl 8 , 4684.Xr pflogd 8 , 4685.Xr ping 8 , 4686.Xr powerd 8 , 4687.Xr quotacheck 8 , 4688.Xr quotaon 8 , 4689.Xr rc 8 , 4690.Xr rc.sendmail 8 , 4691.Xr rcorder 8 , 4692.Xr rfcomm_pppd 8 , 4693.Xr route 8 , 4694.Xr routed 8 , 4695.Xr rpc.lockd 8 , 4696.Xr rpc.statd 8 , 4697.Xr rpc.tlsclntd 8 , 4698.Xr rpc.tlsservd 8 , 4699.Xr rpcbind 8 , 4700.Xr rwhod 8 , 4701.Xr savecore 8 , 4702.Xr sdpd 8 , 4703.Xr service 8 , 4704.Xr sshd 8 , 4705.Xr swapon 8 , 4706.Xr sysctl 8 , 4707.Xr syslogd 8 , 4708.Xr sysrc 8 , 4709.Xr unbound 8 , 4710.Xr usbconfig 8 , 4711.Xr wlandebug 8 , 4712.Xr yp 8 , 4713.Xr ypbind 8 , 4714.Xr ypserv 8 , 4715.Xr ypset 8 4716.Sh HISTORY 4717The 4718.Nm 4719file appeared in 4720.Fx 2.2.2 . 4721.Sh AUTHORS 4722.An Jordan K. Hubbard . 4723